Supported configurations for this release
=========================================
- * iptables >= 1.4.1
- upper bound: iptables <= 1.4.3-rc1
+ * iptables >= 1.4.3
* kernel-source >= 2.6.17, no upper bound known
with prepared build/output directory
# -*- Makefile -*-
ACLOCAL_AMFLAGS = -I m4
-AUTOMAKE_OPTIONS = foreign subdir-objects
SUBDIRS = extensions
man_MANS := xtables-addons.8
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_INSTALL
-AM_INIT_AUTOMAKE([-Wall])
+AM_INIT_AUTOMAKE([-Wall foreign subdir-objects])
AC_PROG_CC
AM_PROG_CC_C_O
AC_DISABLE_STATIC
[xtlibdir="$withval"],
[xtlibdir='${libexecdir}/xtables'])
-AC_MSG_CHECKING([xtables.h presence])
+#
+# --with-xtables= overrides a possibly installed pkgconfig file.
+#
if [[ -n "$xtables_location" ]]; then
+ AC_MSG_CHECKING([xtables.h presence])
if [[ -f "$xtables_location/xtables.h" ]]; then
AC_MSG_RESULT([$xtables_location/xtables.h])
xtables_CFLAGS="-I $xtables_location";
AC_MSG_RESULT([$xtables_location/include/xtables.h])
xtables_CFLAGS="-I $xtables_location/include";
fi;
-fi;
-if [[ -z "$xtables_CFLAGS" ]]; then
- if [[ -f "$includedir/xtables.h" ]]; then
- AC_MSG_RESULT([$includedir/xtables.h])
- else
- AC_MSG_RESULT([no])
+ if [[ -z "$xtables_CFLAGS" ]]; then
+ if [[ -f "$includedir/xtables.h" ]]; then
+ AC_MSG_RESULT([$includedir/xtables.h])
+ else
+ AC_MSG_RESULT([no])
+ fi;
fi;
+else
+ PKG_CHECK_MODULES([libxtables], [xtables >= 1.4.3])
fi;
regular_CFLAGS="-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64 \
- added a reworked ipv4options match
+- upgrade to iptables 1.4.3 API
Xtables-addons 1.12 (March 07 2009)
{
if (flags == (F_DELUDE | F_TARPIT))
/* If flags == 0x03, both were specified, which should not be. */
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"CHAOS: only one of --tarpit or --delude "
"may be specified");
}
switch (c) {
case 'M':
- param_act(P_ONLY_ONCE, "DHCPADDR", "--set-mac", *flags & F_MAC);
- param_act(P_NO_INVERT, "DHCPADDR", "--set-mac", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "DHCPADDR", "--set-mac", *flags & F_MAC);
+ xtables_param_act(XTF_NO_INVERT, "DHCPADDR", "--set-mac", invert);
if (!mac_parse(optarg, info->addr, &info->mask))
- param_act(P_BAD_VALUE, "DHCPADDR", "--set-mac", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "DHCPADDR", "--set-mac", optarg);
*flags |= F_MAC;
return true;
}
static void dhcpaddr_tg_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM, "DHCPADDR target: "
+ xtables_error(PARAMETER_PROBLEM, "DHCPADDR target: "
"--set-mac parameter required");
}
switch (c) {
case '1':
- param_act(P_ONLY_ONCE, "IPMARK", "addr", *flags & FL_ADDR_USED);
- param_act(P_NO_INVERT, "IPMARK", "addr", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "IPMARK", "addr", *flags & FL_ADDR_USED);
+ xtables_param_act(XTF_NO_INVERT, "IPMARK", "addr", invert);
if (strcmp(optarg, "src") == 0)
info->selector = XT_IPMARK_SRC;
else if (strcmp(optarg, "dst") == 0)
info->selector = XT_IPMARK_DST;
else
- exit_error(PARAMETER_PROBLEM, "Bad addr value `%s' - should be `src' or `dst'", optarg);
+ xtables_error(PARAMETER_PROBLEM, "Bad addr value `%s' - should be `src' or `dst'", optarg);
*flags |= FL_ADDR_USED;
return true;
case '2':
- param_act(P_ONLY_ONCE, "IPMARK", "and-mask", *flags & FL_AND_MASK_USED);
- param_act(P_NO_INVERT, "IPMARK", "and-mask", invert);
- if (!strtonum(optarg, NULL, &n, 0, ~0U))
- param_act(P_BAD_VALUE, "IPMARK", "and-mask", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "IPMARK", "and-mask", *flags & FL_AND_MASK_USED);
+ xtables_param_act(XTF_NO_INVERT, "IPMARK", "and-mask", invert);
+ if (!xtables_strtoui(optarg, NULL, &n, 0, ~0U))
+ xtables_param_act(XTF_BAD_VALUE, "IPMARK", "and-mask", optarg);
info->andmask = n;
*flags |= FL_AND_MASK_USED;
return true;
case '3':
- param_act(P_ONLY_ONCE, "IPMARK", "or-mask", *flags & FL_OR_MASK_USED);
- param_act(P_NO_INVERT, "IPMARK", "or-mask", invert);
- if (!strtonum(optarg, NULL, &n, 0, ~0U))
- param_act(P_BAD_VALUE, "IPMARK", "or-mask", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "IPMARK", "or-mask", *flags & FL_OR_MASK_USED);
+ xtables_param_act(XTF_NO_INVERT, "IPMARK", "or-mask", invert);
+ if (!xtables_strtoui(optarg, NULL, &n, 0, ~0U))
+ xtables_param_act(XTF_BAD_VALUE, "IPMARK", "or-mask", optarg);
info->ormask = n;
*flags |= FL_OR_MASK_USED;
return true;
case '4':
- param_act(P_ONLY_ONCE, "IPMARK", "--shift", *flags & FL_SHIFT);
- param_act(P_NO_INVERT, "IPMARK", "--shift", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "IPMARK", "--shift", *flags & FL_SHIFT);
+ xtables_param_act(XTF_NO_INVERT, "IPMARK", "--shift", invert);
/*
* Anything >31 does not make sense for IPv4, but it still
* does the right thing.
*/
- if (!strtonum(optarg, NULL, &n, 0, 128))
- param_act(P_BAD_VALUE, "IPMARK", "--shift", optarg);
+ if (!xtables_strtoui(optarg, NULL, &n, 0, 128))
+ xtables_param_act(XTF_BAD_VALUE, "IPMARK", "--shift", optarg);
info->shift = n;
return true;
}
static void ipmark_tg_check(unsigned int flags)
{
if (!(flags & FL_ADDR_USED))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"IPMARK target: Parameter --addr is required");
}
switch (c) {
case 'l': /* --log-level */
- param_act(P_ONLY_ONCE, "LOGMARK", "--log-level", *flags & F_LEVEL);
- param_act(P_NO_INVERT, "LOGMARK", "--log-level", invert);
- if (!strtonum(optarg, NULL, &x, 0, 8))
- param_act(P_BAD_VALUE, "LOGMARK", "--log-level", optarg);
+ xtables_param_act(XTF_ONLY_ONCE, "LOGMARK", "--log-level", *flags & F_LEVEL);
+ xtables_param_act(XTF_NO_INVERT, "LOGMARK", "--log-level", invert);
+ if (!xtables_strtoui(optarg, NULL, &x, 0, 8))
+ xtables_param_act(XTF_BAD_VALUE, "LOGMARK", "--log-level", optarg);
info->level = x;
*flags |= F_LEVEL;
return true;
case 'p': /* --log-prefix */
- param_act(P_ONLY_ONCE, "LOGMARK", "--log-prefix", *flags & F_PREFIX);
- param_act(P_NO_INVERT, "LOGMARK", "--log-prefix", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "LOGMARK", "--log-prefix", *flags & F_PREFIX);
+ xtables_param_act(XTF_NO_INVERT, "LOGMARK", "--log-prefix", invert);
if (strlen(optarg) > sizeof(info->prefix))
- exit_error(PARAMETER_PROBLEM, "LOGMARK: Maximum "
+ xtables_error(PARAMETER_PROBLEM, "LOGMARK: Maximum "
"prefix length is %zu",
sizeof(info->prefix));
if (strchr(optarg, '\n'))
- exit_error(PARAMETER_PROBLEM, "LOGMARK: Newlines not "
+ xtables_error(PARAMETER_PROBLEM, "LOGMARK: Newlines not "
"allowed in log prefix");
strncpy(info->prefix, optarg, sizeof(info->prefix));
*flags |= F_PREFIX;
switch (c) {
case 'g':
if (*flags & FLAG_GATEWAY)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Cannot specify --gw more than once");
- ia = numeric_to_ipaddr(optarg);
+ ia = xtables_numeric_to_ipaddr(optarg);
if (ia == NULL)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid IP address %s", optarg);
memcpy(&info->gw, ia, sizeof(*ia));
switch (c) {
case 'g':
if (*flags & FLAG_GATEWAY)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Cannot specify --gw more than once");
- ia = numeric_to_ip6addr(optarg);
+ ia = xtables_numeric_to_ip6addr(optarg);
if (ia == NULL)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Invalid IP address %s", optarg);
memcpy(&info->gw, ia, sizeof(*ia));
static void tee_tg_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM, "TEE target: "
+ xtables_error(PARAMETER_PROBLEM, "TEE target: "
"--gateway parameter required");
}
const struct xt_tee_tginfo *info = (const void *)target->data;
if (numeric)
- printf("TEE gw:%s ", ipaddr_to_numeric(&info->gw.in));
+ printf("TEE gw:%s ", xtables_ipaddr_to_numeric(&info->gw.in));
else
- printf("TEE gw:%s ", ipaddr_to_anyname(&info->gw.in));
+ printf("TEE gw:%s ", xtables_ipaddr_to_anyname(&info->gw.in));
}
static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tee_tginfo *info = (const void *)target->data;
if (numeric)
- printf("TEE gw:%s ", ip6addr_to_numeric(&info->gw.in6));
+ printf("TEE gw:%s ", xtables_ip6addr_to_numeric(&info->gw.in6));
else
- printf("TEE gw:%s ", ip6addr_to_anyname(&info->gw.in6));
+ printf("TEE gw:%s ", xtables_ip6addr_to_anyname(&info->gw.in6));
}
static void tee_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tee_tginfo *info = (const void *)target->data;
- printf("--gateway %s ", ipaddr_to_numeric(&info->gw.in));
+ printf("--gateway %s ", xtables_ipaddr_to_numeric(&info->gw.in));
}
static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tee_tginfo *info = (const void *)target->data;
- printf("--gateway %s ", ip6addr_to_numeric(&info->gw.in6));
+ printf("--gateway %s ", xtables_ip6addr_to_numeric(&info->gw.in6));
}
static struct xtables_target tee_tg_reg = {
if (c == 'X') {
if (*flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Can't specify multiple conditions");
if (strlen(optarg) < sizeof(info->name))
strcpy(info->name, optarg);
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"File name too long");
info->invert = invert;
static void condition_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"Condition match: must specify --condition");
}
switch (c) {
case 'M':
- param_act(P_ONLY_ONCE, "dhcpaddr", "--mac", *flags & F_MAC);
- param_act(P_NO_INVERT, "dhcpaddr", "--mac", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "dhcpaddr", "--mac", *flags & F_MAC);
+ xtables_param_act(XTF_NO_INVERT, "dhcpaddr", "--mac", invert);
if (!mac_parse(optarg, info->addr, &info->mask))
- param_act(P_BAD_VALUE, "dhcpaddr", "--mac", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "dhcpaddr", "--mac", optarg);
if (invert)
info->invert = true;
*flags |= F_MAC;
static void dhcpaddr_mt_check(unsigned int flags)
{
if (flags == 0)
- exit_error(PARAMETER_PROBLEM, "dhcpaddr match: "
+ xtables_error(PARAMETER_PROBLEM, "dhcpaddr match: "
"--mac parameter required");
}
switch (c) {
case '1':
if (invert)
- exit_error(PARAMETER_PROBLEM,"Can't specify ! --lower-limit");
+ xtables_error(PARAMETER_PROBLEM,"Can't specify ! --lower-limit");
if (*flags & IPT_FUZZY_OPT_MINIMUM)
- exit_error(PARAMETER_PROBLEM,"Can't specify --lower-limit twice");
- if (string_to_number(optarg,1,FUZZY_MAX_RATE,&num) == -1 || num < 1)
- exit_error(PARAMETER_PROBLEM,"BAD --lower-limit");
+ xtables_error(PARAMETER_PROBLEM,"Can't specify --lower-limit twice");
+ if (!xtables_strtoui(optarg, NULL, &num, 1, FUZZY_MAX_RATE) == -1 || num < 1)
+ xtables_error(PARAMETER_PROBLEM,"BAD --lower-limit");
info->minimum_rate = num;
*flags |= IPT_FUZZY_OPT_MINIMUM;
return true;
case '2':
if (invert)
- exit_error(PARAMETER_PROBLEM,"Can't specify ! --upper-limit");
+ xtables_error(PARAMETER_PROBLEM,"Can't specify ! --upper-limit");
if (*flags & IPT_FUZZY_OPT_MAXIMUM)
- exit_error(PARAMETER_PROBLEM,"Can't specify --upper-limit twice");
- if (string_to_number(optarg,1,FUZZY_MAX_RATE,&num) == -1 || num < 1)
- exit_error(PARAMETER_PROBLEM,"BAD --upper-limit");
+ xtables_error(PARAMETER_PROBLEM,"Can't specify --upper-limit twice");
+ if (!xtables_strtoui(optarg, NULL, &num, 1, FUZZY_MAX_RATE) == -1 || num < 1)
+ xtables_error(PARAMETER_PROBLEM,"BAD --upper-limit");
info->maximum_rate = num;
*flags |= IPT_FUZZY_OPT_MAXIMUM;
return true;
if ((fd = open(buf, O_RDONLY)) < 0) {
fprintf(stderr, "Could not open %s: %s\n", buf, strerror(errno));
- exit_error(OTHER_PROBLEM, "Could not read geoip database");
+ xtables_error(OTHER_PROBLEM, "Could not read geoip database");
}
fstat(fd, &sb);
if (sb.st_size % sizeof(struct geoip_subnet) != 0)
- exit_error(OTHER_PROBLEM, "Database file %s seems to be "
+ xtables_error(OTHER_PROBLEM, "Database file %s seems to be "
"corrupted", buf);
subnets = malloc(sb.st_size);
if (subnets == NULL)
- exit_error(OTHER_PROBLEM, "geoip: insufficient memory");
+ xtables_error(OTHER_PROBLEM, "geoip: insufficient memory");
read(fd, subnets, sb.st_size);
close(fd);
*count = sb.st_size / sizeof(struct geoip_subnet);
if (strlen(cc) != 2) /* Country must be 2 chars long according
to the ISO3166 standard */
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"geoip: invalid country code '%s'", cc);
// Verification will fail if chars aren't uppercased.
if (isalnum(cc[i]) != 0)
cc[i] = toupper(cc[i]);
else
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"geoip: invalid country code '%s'", cc);
/* Convert chars into a single 16 bit integer.
buffer = strdup(ccstr);
if (!buffer)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"geoip: insufficient memory available");
for (cp = buffer, i = 0; cp && i < XT_GEOIP_MAX; cp = next, i++)
if ((cctmp = check_geoip_cc(cp, cc, count)) != 0) {
if ((mem[count++].user = (unsigned long)geoip_load_cc(cp, cctmp)) == 0)
- exit_error(OTHER_PROBLEM,
+ xtables_error(OTHER_PROBLEM,
"geoip: insufficient memory available");
cc[count-1] = cctmp;
}
}
if (cp)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"geoip: too many countries specified");
free(buffer);
if (count == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"geoip: don't know what happened");
return count;
switch (c) {
case '1':
if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"geoip: Only exactly one of --source-country "
"or --destination-country must be specified!");
case '2':
if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"geoip: Only exactly one of --source-country "
"or --destination-country must be specified!");
geoip_final_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"geoip: missing arguments");
}
switch (c) {
case '2': /*cmd: edk*/
- param_act(P_ONLY_ONCE, "--edk", *flags & IPP2P_EDK);
- param_act(P_NO_INVERT, "--edk", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--edk", *flags & IPP2P_EDK);
+ xtables_param_act(XTF_NO_INVERT, "--edk", invert);
if (*flags & IPP2P_DATA_EDK)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ipp2p: use `--edk' OR `--edk-data' but not both of them!");
*flags |= IPP2P_EDK;
info->cmd |= IPP2P_EDK;
break;
case '7': /*cmd: dc*/
- param_act(P_ONLY_ONCE, "--dc", *flags & IPP2P_DC);
- param_act(P_NO_INVERT, "--dc", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--dc", *flags & IPP2P_DC);
+ xtables_param_act(XTF_NO_INVERT, "--dc", invert);
if (*flags & IPP2P_DATA_DC)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ipp2p: use `--dc' OR `--dc-data' but not both of them!");
*flags |= IPP2P_DC;
info->cmd |= IPP2P_DC;
break;
case '9': /*cmd: gnu*/
- param_act(P_ONLY_ONCE, "--gnu", *flags & IPP2P_GNU);
- param_act(P_NO_INVERT, "--gnu", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--gnu", *flags & IPP2P_GNU);
+ xtables_param_act(XTF_NO_INVERT, "--gnu", invert);
if (*flags & IPP2P_DATA_GNU)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ipp2p: use `--gnu' OR `--gnu-data' but not both of them!");
*flags |= IPP2P_GNU;
info->cmd |= IPP2P_GNU;
break;
case 'a': /*cmd: kazaa*/
- param_act(P_ONLY_ONCE, "--kazaa", *flags & IPP2P_KAZAA);
- param_act(P_NO_INVERT, "--kazaa", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--kazaa", *flags & IPP2P_KAZAA);
+ xtables_param_act(XTF_NO_INVERT, "--kazaa", invert);
if (*flags & IPP2P_DATA_KAZAA)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!");
*flags |= IPP2P_KAZAA;
info->cmd |= IPP2P_KAZAA;
break;
case 'b': /*cmd: bit*/
- param_act(P_ONLY_ONCE, "--kazaa", *flags & IPP2P_BIT);
- param_act(P_NO_INVERT, "--kazaa", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--kazaa", *flags & IPP2P_BIT);
+ xtables_param_act(XTF_NO_INVERT, "--kazaa", invert);
*flags |= IPP2P_BIT;
info->cmd |= IPP2P_BIT;
break;
case 'c': /*cmd: apple*/
- param_act(P_ONLY_ONCE, "--apple", *flags & IPP2P_APPLE);
- param_act(P_NO_INVERT, "--apple", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--apple", *flags & IPP2P_APPLE);
+ xtables_param_act(XTF_NO_INVERT, "--apple", invert);
*flags |= IPP2P_APPLE;
info->cmd |= IPP2P_APPLE;
break;
case 'd': /*cmd: soul*/
- param_act(P_ONLY_ONCE, "--soul", *flags & IPP2P_SOUL);
- param_act(P_NO_INVERT, "--soul", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--soul", *flags & IPP2P_SOUL);
+ xtables_param_act(XTF_NO_INVERT, "--soul", invert);
*flags |= IPP2P_SOUL;
info->cmd |= IPP2P_SOUL;
break;
case 'e': /*cmd: winmx*/
- param_act(P_ONLY_ONCE, "--winmx", *flags & IPP2P_WINMX);
- param_act(P_NO_INVERT, "--winmx", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--winmx", *flags & IPP2P_WINMX);
+ xtables_param_act(XTF_NO_INVERT, "--winmx", invert);
*flags |= IPP2P_WINMX;
info->cmd |= IPP2P_WINMX;
break;
case 'f': /*cmd: ares*/
- param_act(P_ONLY_ONCE, "--ares", *flags & IPP2P_ARES);
- param_act(P_NO_INVERT, "--ares", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--ares", *flags & IPP2P_ARES);
+ xtables_param_act(XTF_NO_INVERT, "--ares", invert);
*flags |= IPP2P_ARES;
info->cmd |= IPP2P_ARES;
break;
case 'g': /*cmd: mute*/
- param_act(P_ONLY_ONCE, "--mute", *flags & IPP2P_MUTE);
- param_act(P_NO_INVERT, "--mute", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--mute", *flags & IPP2P_MUTE);
+ xtables_param_act(XTF_NO_INVERT, "--mute", invert);
*flags |= IPP2P_MUTE;
info->cmd |= IPP2P_MUTE;
break;
case 'h': /*cmd: waste*/
- param_act(P_ONLY_ONCE, "--waste", *flags & IPP2P_WASTE);
- param_act(P_NO_INVERT, "--waste", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--waste", *flags & IPP2P_WASTE);
+ xtables_param_act(XTF_NO_INVERT, "--waste", invert);
*flags |= IPP2P_WASTE;
info->cmd |= IPP2P_WASTE;
break;
case 'i': /*cmd: xdcc*/
- param_act(P_ONLY_ONCE, "--xdcc", *flags & IPP2P_XDCC);
- param_act(P_NO_INVERT, "--xdcc", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--xdcc", *flags & IPP2P_XDCC);
+ xtables_param_act(XTF_NO_INVERT, "--xdcc", invert);
*flags |= IPP2P_XDCC;
info->cmd |= IPP2P_XDCC;
break;
case 'j': /*cmd: debug*/
- param_act(P_ONLY_ONCE, "--debug", info->debug);
- param_act(P_NO_INVERT, "--debug", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "--debug", info->debug);
+ xtables_param_act(XTF_NO_INVERT, "--debug", invert);
info->debug = 1;
break;
default:
-// exit_error(PARAMETER_PROBLEM,
+// xtables_error(PARAMETER_PROBLEM,
// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
return 0;
}
static void ipp2p_mt_check(unsigned int flags)
{
if (!flags)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
}
}
if (opt == 0 &&
- !strtonum(arg, NULL, &opt, 0, UINT8_MAX))
- exit_error(PARAMETER_PROBLEM,
+ !xtables_strtoui(arg, NULL, &opt, 0, UINT8_MAX))
+ xtables_error(PARAMETER_PROBLEM,
"ipv4options: Bad option value \"%s\"", arg);
if (opt == 0)
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"ipv4options: Option value may not be zero");
info->map |= (1 << opt);
switch (c) {
case 'a': /* --any */
- param_act(P_NO_INVERT, "ipv4options", "--any", invert);
+ xtables_param_act(XTF_NO_INVERT, "ipv4options", "--any", invert);
info->flags |= XT_V4OPTS_ANY;
return true;
case 'f': /* --flags */
- param_act(P_NO_INVERT, "ipv4options", "--flags", invert);
+ xtables_param_act(XTF_NO_INVERT, "ipv4options", "--flags", invert);
ipv4options_parse_flagspec(info, optarg);
return true;
}
switch (c) {
case '3': /* --layer3 */
- param_act(P_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
+ xtables_param_act(XTF_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
info->flags &= ~XT_LENGTH_LAYER_MASK;
info->flags |= XT_LENGTH_LAYER3;
*flags |= F_LAYER;
return true;
case '4': /* --layer4 */
- param_act(P_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
+ xtables_param_act(XTF_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
info->flags &= ~XT_LENGTH_LAYER_MASK;
info->flags |= XT_LENGTH_LAYER4;
*flags |= F_LAYER;
return true;
case '5': /* --layer5 */
- param_act(P_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
+ xtables_param_act(XTF_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
info->flags &= ~XT_LENGTH_LAYER_MASK;
info->flags |= XT_LENGTH_LAYER5;
*flags |= F_LAYER;
return true;
case '7': /* --layer7 */
- param_act(P_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
+ xtables_param_act(XTF_ONLY_ONCE, "length", "--layer*", *flags & F_LAYER);
info->flags &= ~XT_LENGTH_LAYER_MASK;
info->flags |= XT_LENGTH_LAYER7;
*flags |= F_LAYER;
return true;
case '=': /* --length */
- param_act(P_ONLY_ONCE, "length", "--length", *flags & F_LENGTH);
+ xtables_param_act(XTF_ONLY_ONCE, "length", "--length", *flags & F_LENGTH);
if (invert)
info->flags |= XT_LENGTH_INVERT;
- if (!strtonum(optarg, &end, &from, 0, ~0U))
- param_act(P_BAD_VALUE, "length", "--length", optarg);
+ if (!xtables_strtoui(optarg, &end, &from, 0, ~0U))
+ xtables_param_act(XTF_BAD_VALUE, "length", "--length", optarg);
to = from;
if (*end == ':')
- if (!strtonum(end + 1, &end, &to, 0, ~0U))
- param_act(P_BAD_VALUE, "length",
+ if (!xtables_strtoui(end + 1, &end, &to, 0, ~0U))
+ xtables_param_act(XTF_BAD_VALUE, "length",
"--length", optarg);
if (*end != '\0')
- param_act(P_BAD_VALUE, "length", "--length", optarg);
+ xtables_param_act(XTF_BAD_VALUE, "length", "--length", optarg);
info->min = from;
info->max = to;
*flags |= F_LENGTH;
static void length_mt_check(unsigned int flags)
{
if (!(flags & F_LENGTH))
- exit_error(PARAMETER_PROBLEM,
+ xtables_error(PARAMETER_PROBLEM,
"length: You must specify \"--length\"");
if (!(flags & F_LAYER))
fprintf(stderr, "iptables: length match: Defaulting to "
switch (c) {
case 'g':
- param_act(P_ONLY_ONCE, "quota", "--grow", *flags & FL_GROW);
- param_act(P_NO_INVERT, "quota", "--grow", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "quota", "--grow", *flags & FL_GROW);
+ xtables_param_act(XTF_NO_INVERT, "quota", "--grow", invert);
info->flags |= XT_QUOTA_GROW;
*flags |= FL_GROW;
return true;
case 'n':
/* zero termination done on behalf of the kernel module */
- param_act(P_ONLY_ONCE, "quota", "--name", *flags & FL_NAME);
- param_act(P_NO_INVERT, "quota", "--name", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "quota", "--name", *flags & FL_NAME);
+ xtables_param_act(XTF_NO_INVERT, "quota", "--name", invert);
strncpy(info->name, optarg, sizeof(info->name));
*flags |= FL_NAME;
return true;
case 'p':
- param_act(P_ONLY_ONCE, "quota", "--packets", *flags & FL_PACKET);
- param_act(P_NO_INVERT, "quota", "--packets", invert);
+ xtables_param_act(XTF_ONLY_ONCE, "quota", "--packets", *flags & FL_PACKET);
+ xtables_param_act(XTF_NO_INVERT, "quota", "--packets", invert);
info->flags |= XT_QUOTA_PACKET;
*flags |= FL_PACKET;
return true;
case 'q':
- param_act(P_ONLY_ONCE, "quota", "--quota", *flags & FL_QUOTA);
+ xtables_param_act(XTF_ONLY_ONCE, "quota", "--quota", *flags & FL_QUOTA);
if (invert)
info->flags |= XT_QUOTA_INVERT;
info->quota = strtoull(optarg, &end, 0);
if (*end != '\0')
- exit_error(PARAMETER_PROBLEM, "quota match: "
+ xtables_error(PARAMETER_PROBLEM, "quota match: "
"invalid value for --quota");
*flags |= FL_QUOTA;
return true;
*mask = 48;
if (*end == '/') {
- if (!strtonum(end + 1, &end, &value, 0, 48))
+ if (!xtables_strtoui(end + 1, &end, &value, 0, 48))
return false;
if (*end != '\0')
return false;
projects / thirdparty / xtables-addons.git / commitdiff
