.compat_rev = xtables_compatible_revision,
};
-static const unsigned int inverse_for_options[NUMBER_OF_OPT] =
-{
-/* -n */ 0,
-/* -s */ IP6T_INV_SRCIP,
-/* -d */ IP6T_INV_DSTIP,
-/* -p */ XT_INV_PROTO,
-/* -j */ 0,
-/* -v */ 0,
-/* -x */ 0,
-/* -i */ IP6T_INV_VIA_IN,
-/* -o */ IP6T_INV_VIA_OUT,
-/*--line*/ 0,
-/* -c */ 0,
-};
-
#define opts ip6tables_globals.opts
#define prog_name ip6tables_globals.program_name
#define prog_vers ip6tables_globals.program_version
"Invalid chain name `%s'", chainname);
}
-static void
-set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
- int invert)
-{
- if (*options & option)
- xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
- opt2char(option));
- *options |= option;
-
- if (invert) {
- unsigned int i;
- for (i = 0; 1 << i != option; i++);
-
- if (!inverse_for_options[i])
- xtables_error(PARAMETER_PROBLEM,
- "cannot have ! before -%c",
- opt2char(option));
- *invflg |= inverse_for_options[i];
- }
-}
-
-
static void
print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
struct xtables_target *t;
unsigned long long cnt;
bool table_set = false;
+ uint16_t invflags = 0;
bool invert = false;
/* re-set optind to 0 in case do_command6 gets called
* Option selection
*/
case 'p':
- set_option(&cs.options, OPT_PROTOCOL, &cs.fw6.ipv6.invflags,
+ set_option(&cs.options, OPT_PROTOCOL, &invflags,
invert);
/* Canonicalize into lower case */
cs.fw6.ipv6.proto = xtables_parse_protocol(cs.protocol);
cs.fw6.ipv6.flags |= IP6T_F_PROTO;
- if (cs.fw6.ipv6.proto == 0
- && (cs.fw6.ipv6.invflags & XT_INV_PROTO))
+ if (cs.fw6.ipv6.proto == 0 && (invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
if (is_exthdr(cs.fw6.ipv6.proto)
- && (cs.fw6.ipv6.invflags & XT_INV_PROTO) == 0)
+ && (invflags & XT_INV_PROTO) == 0)
fprintf(stderr,
"Warning: never matched protocol: %s. "
"use extension match instead.\n",
break;
case 's':
- set_option(&cs.options, OPT_SOURCE, &cs.fw6.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_SOURCE, &invflags, invert);
shostnetworkmask = optarg;
break;
case 'd':
- set_option(&cs.options, OPT_DESTINATION, &cs.fw6.ipv6.invflags,
+ set_option(&cs.options, OPT_DESTINATION, &invflags,
invert);
dhostnetworkmask = optarg;
break;
#ifdef IP6T_F_GOTO
case 'g':
- set_option(&cs.options, OPT_JUMP, &cs.fw6.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_JUMP, &invflags, invert);
cs.fw6.ipv6.flags |= IP6T_F_GOTO;
cs.jumpto = xt_parse_target(optarg);
break;
#endif
case 'j':
- set_option(&cs.options, OPT_JUMP, &cs.fw6.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_JUMP, &invflags, invert);
command_jump(&cs, optarg);
break;
xtables_error(PARAMETER_PROBLEM,
"Empty interface is likely to be "
"undesired");
- set_option(&cs.options, OPT_VIANAMEIN, &cs.fw6.ipv6.invflags,
+ set_option(&cs.options, OPT_VIANAMEIN, &invflags,
invert);
xtables_parse_interface(optarg,
cs.fw6.ipv6.iniface,
xtables_error(PARAMETER_PROBLEM,
"Empty interface is likely to be "
"undesired");
- set_option(&cs.options, OPT_VIANAMEOUT, &cs.fw6.ipv6.invflags,
+ set_option(&cs.options, OPT_VIANAMEOUT, &invflags,
invert);
xtables_parse_interface(optarg,
cs.fw6.ipv6.outiface,
case 'v':
if (!verbose)
set_option(&cs.options, OPT_VERBOSE,
- &cs.fw6.ipv6.invflags, invert);
+ &invflags, invert);
verbose++;
break;
break;
case 'n':
- set_option(&cs.options, OPT_NUMERIC, &cs.fw6.ipv6.invflags,
- invert);
+ set_option(&cs.options, OPT_NUMERIC, &invflags, invert);
break;
case 't':
break;
case 'x':
- set_option(&cs.options, OPT_EXPANDED, &cs.fw6.ipv6.invflags,
+ set_option(&cs.options, OPT_EXPANDED, &invflags,
invert);
break;
exit(0);
case '0':
- set_option(&cs.options, OPT_LINENUMBERS, &cs.fw6.ipv6.invflags,
+ set_option(&cs.options, OPT_LINENUMBERS, &invflags,
invert);
break;
case 'c':
- set_option(&cs.options, OPT_COUNTERS, &cs.fw6.ipv6.invflags,
+ set_option(&cs.options, OPT_COUNTERS, &invflags,
invert);
pcnt = optarg;
bcnt = strchr(pcnt + 1, ',');
xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
+ cs.fw6.ipv6.invflags = invflags;
+
if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND | CMD_CHECK)) {
if (!(cs.options & OPT_DESTINATION))
dhostnetworkmask = "::0/0";
.compat_rev = xtables_compatible_revision,
};
-static const int inverse_for_options[NUMBER_OF_OPT] =
-{
-/* -n */ 0,
-/* -s */ IPT_INV_SRCIP,
-/* -d */ IPT_INV_DSTIP,
-/* -p */ XT_INV_PROTO,
-/* -j */ 0,
-/* -v */ 0,
-/* -x */ 0,
-/* -i */ IPT_INV_VIA_IN,
-/* -o */ IPT_INV_VIA_OUT,
-/*--line*/ 0,
-/* -c */ 0,
-/* -f */ IPT_INV_FRAG,
-};
-
#define opts iptables_globals.opts
#define prog_name iptables_globals.program_name
#define prog_vers iptables_globals.program_version
"Invalid chain name `%s'", chainname);
}
-static void
-set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
- int invert)
-{
- if (*options & option)
- xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
- opt2char(option));
- *options |= option;
-
- if (invert) {
- unsigned int i;
- for (i = 0; 1 << i != option; i++);
-
- if (!inverse_for_options[i])
- xtables_error(PARAMETER_PROBLEM,
- "cannot have ! before -%c",
- opt2char(option));
- *invflg |= inverse_for_options[i];
- }
-}
-
static void
print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
struct xtables_target *t;
unsigned long long cnt;
bool table_set = false;
+ uint16_t invflags = 0;
bool invert = false;
/* re-set optind to 0 in case do_command4 gets called
* Option selection
*/
case 'p':
- set_option(&cs.options, OPT_PROTOCOL, &cs.fw.ip.invflags,
+ set_option(&cs.options, OPT_PROTOCOL, &invflags,
invert);
/* Canonicalize into lower case */
cs.protocol = optarg;
cs.fw.ip.proto = xtables_parse_protocol(cs.protocol);
- if (cs.fw.ip.proto == 0
- && (cs.fw.ip.invflags & XT_INV_PROTO))
+ if (cs.fw.ip.proto == 0 && (invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
break;
case 's':
- set_option(&cs.options, OPT_SOURCE, &cs.fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_SOURCE, &invflags, invert);
shostnetworkmask = optarg;
break;
case 'd':
- set_option(&cs.options, OPT_DESTINATION, &cs.fw.ip.invflags,
+ set_option(&cs.options, OPT_DESTINATION, &invflags,
invert);
dhostnetworkmask = optarg;
break;
#ifdef IPT_F_GOTO
case 'g':
- set_option(&cs.options, OPT_JUMP, &cs.fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_JUMP, &invflags, invert);
cs.fw.ip.flags |= IPT_F_GOTO;
cs.jumpto = xt_parse_target(optarg);
break;
#endif
case 'j':
- set_option(&cs.options, OPT_JUMP, &cs.fw.ip.invflags,
- invert);
+ set_option(&cs.options, OPT_JUMP, &invflags, invert);
command_jump(&cs, optarg);
break;
xtables_error(PARAMETER_PROBLEM,
"Empty interface is likely to be "
"undesired");
- set_option(&cs.options, OPT_VIANAMEIN, &cs.fw.ip.invflags,
+ set_option(&cs.options, OPT_VIANAMEIN, &invflags,
invert);
xtables_parse_interface(optarg,
cs.fw.ip.iniface,
xtables_error(PARAMETER_PROBLEM,
"Empty interface is likely to be "
"undesired");
- set_option(&cs.options, OPT_VIANAMEOUT, &cs.fw.ip.invflags,
+ set_option(&cs.options, OPT_VIANAMEOUT, &invflags,
invert);
xtables_parse_interface(optarg,
cs.fw.ip.outiface,
break;
case 'f':
- set_option(&cs.options, OPT_FRAGMENT, &cs.fw.ip.invflags,
+ set_option(&cs.options, OPT_FRAGMENT, &invflags,
invert);
cs.fw.ip.flags |= IPT_F_FRAG;
break;
case 'v':
if (!verbose)
set_option(&cs.options, OPT_VERBOSE,
- &cs.fw.ip.invflags, invert);
+ &invflags, invert);
verbose++;
break;
break;
case 'n':
- set_option(&cs.options, OPT_NUMERIC, &cs.fw.ip.invflags,
+ set_option(&cs.options, OPT_NUMERIC, &invflags,
invert);
break;
break;
case 'x':
- set_option(&cs.options, OPT_EXPANDED, &cs.fw.ip.invflags,
+ set_option(&cs.options, OPT_EXPANDED, &invflags,
invert);
break;
exit(0);
case '0':
- set_option(&cs.options, OPT_LINENUMBERS, &cs.fw.ip.invflags,
+ set_option(&cs.options, OPT_LINENUMBERS, &invflags,
invert);
break;
case 'c':
- set_option(&cs.options, OPT_COUNTERS, &cs.fw.ip.invflags,
+ set_option(&cs.options, OPT_COUNTERS, &invflags,
invert);
pcnt = optarg;
bcnt = strchr(pcnt + 1, ',');
xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
+ cs.fw.ip.invflags = invflags;
+
if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND | CMD_CHECK)) {
if (!(cs.options & OPT_DESTINATION))
dhostnetworkmask = "0.0.0.0/0";
extern char *arp_opcodes[];
#define NUMOPCODES 9
-/* define invflags which won't collide with IPT ones */
-#define IPT_INV_SRCDEVADDR 0x0080
-#define IPT_INV_TGTDEVADDR 0x0100
-#define IPT_INV_ARPHLN 0x0200
-#define IPT_INV_ARPOP 0x0400
-#define IPT_INV_ARPHRD 0x0800
-
#endif
return *ptr;
}
+
+static const int inverse_for_options[NUMBER_OF_OPT] =
+{
+/* -n */ 0,
+/* -s */ IPT_INV_SRCIP,
+/* -d */ IPT_INV_DSTIP,
+/* -p */ XT_INV_PROTO,
+/* -j */ 0,
+/* -v */ 0,
+/* -x */ 0,
+/* -i */ IPT_INV_VIA_IN,
+/* -o */ IPT_INV_VIA_OUT,
+/*--line*/ 0,
+/* -c */ 0,
+/* -f */ IPT_INV_FRAG,
+/* 2 */ IPT_INV_SRCDEVADDR,
+/* 3 */ IPT_INV_TGTDEVADDR,
+/* -l */ IPT_INV_ARPHLN,
+/* 4 */ IPT_INV_ARPOP,
+/* 5 */ IPT_INV_ARPHRD,
+/* 6 */ IPT_INV_PROTO,
+};
+
+void
+set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
+ bool invert)
+{
+ if (*options & option)
+ xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
+ opt2char(option));
+ *options |= option;
+
+ if (invert) {
+ unsigned int i;
+ for (i = 0; 1 << i != option; i++);
+
+ if (!inverse_for_options[i])
+ xtables_error(PARAMETER_PROBLEM,
+ "cannot have ! before -%c",
+ opt2char(option));
+ *invflg |= inverse_for_options[i];
+ }
+}
struct xtables_rule_match;
struct xtables_target;
+/* define invflags which won't collide with IPT ones */
+#define IPT_INV_SRCDEVADDR 0x0080
+#define IPT_INV_TGTDEVADDR 0x0100
+#define IPT_INV_ARPHLN 0x0200
+#define IPT_INV_ARPOP 0x0400
+#define IPT_INV_ARPHRD 0x0800
+
+void
+set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
+ bool invert);
+
/**
* xtables_afinfo - protocol family dependent information
* @kmod: kernel module basename (e.g. "ip_tables")
.compat_rev = nft_compatible_revision,
};
-/* index relates to bit of each OPT_* value */
-static int inverse_for_options[] =
-{
-/* -n */ 0,
-/* -s */ IPT_INV_SRCIP,
-/* -d */ IPT_INV_DSTIP,
-/* -p */ 0,
-/* -j */ 0,
-/* -v */ 0,
-/* -x */ 0,
-/* -i */ IPT_INV_VIA_IN,
-/* -o */ IPT_INV_VIA_OUT,
-/*--line*/ 0,
-/* -c */ 0,
-/* -f */ 0,
-/* 2 */ IPT_INV_SRCDEVADDR,
-/* 3 */ IPT_INV_TGTDEVADDR,
-/* -l */ IPT_INV_ARPHLN,
-/* 4 */ IPT_INV_ARPOP,
-/* 5 */ IPT_INV_ARPHRD,
-/* 6 */ IPT_INV_PROTO,
-};
-
/***********************************************/
/* ARPTABLES SPECIFIC NEW FUNCTIONS ADDED HERE */
/***********************************************/
return false;
}
-static void
-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
- int invert)
-{
- if (*options & option)
- xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
- opt2char(option));
- *options |= option;
-
- if (invert) {
- unsigned int i;
- for (i = 0; 1 << i != option; i++);
-
- if (!inverse_for_options[i])
- xtables_error(PARAMETER_PROBLEM,
- "cannot have ! before -%c",
- opt2char(option));
- *invflg |= inverse_for_options[i];
- }
-}
-
static int
list_entries(struct nft_handle *h, const char *chain, const char *table,
int rulenum, int verbose, int numeric, int expanded,
.compat_rev = nft_compatible_revision,
};
-static const int inverse_for_options[NUMBER_OF_OPT] =
-{
-/* -n */ 0,
-/* -s */ IPT_INV_SRCIP,
-/* -d */ IPT_INV_DSTIP,
-/* -p */ XT_INV_PROTO,
-/* -j */ 0,
-/* -v */ 0,
-/* -x */ 0,
-/* -i */ IPT_INV_VIA_IN,
-/* -o */ IPT_INV_VIA_OUT,
-/*--line*/ 0,
-/* -c */ 0,
-/* -f */ IPT_INV_FRAG,
-};
-
#define opts xt_params->opts
#define prog_name xt_params->program_name
#define prog_vers xt_params->program_version
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
-static void
-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
- bool invert)
-{
- if (*options & option)
- xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
- opt2char(option));
- *options |= option;
-
- if (invert) {
- unsigned int i;
- for (i = 0; 1 << i != option; i++);
-
- if (!inverse_for_options[i])
- xtables_error(PARAMETER_PROBLEM,
- "cannot have ! before -%c",
- opt2char(option));
- *invflg |= inverse_for_options[i];
- }
-}
-
static int
add_entry(const char *chain,
const char *table,
projects / thirdparty / iptables.git / commitdiff
