{
printf(
"iprange match options:\n"
-"[!] --src-range ip-ip Match source IP in the specified range\n"
-"[!] --dst-range ip-ip Match destination IP in the specified range\n");
+"[!] --src-range ip[-ip] Match source IP in the specified range\n"
+"[!] --dst-range ip[-ip] Match destination IP in the specified range\n");
}
static const struct option iprange_mt_opts[] = {
{ .name = NULL }
};
-static void
-parse_iprange(char *arg, struct ipt_iprange *range)
+static void iprange_parse_range(char *arg, union nf_inet_addr *range,
+ u_int8_t family, const char *optname)
{
+ struct in6_addr *ia6;
+ struct in_addr *ia4;
char *dash;
- const struct in_addr *ip;
+ memset(range, 0, sizeof(union nf_inet_addr) * 2);
dash = strchr(arg, '-');
if (dash != NULL)
*dash = '\0';
- ip = xtables_numeric_to_ipaddr(arg);
- if (!ip)
- xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
- arg);
- range->min_ip = ip->s_addr;
-
- if (dash != NULL) {
- ip = xtables_numeric_to_ipaddr(dash+1);
- if (!ip)
- xtables_error(PARAMETER_PROBLEM, "iprange match: Bad IP address \"%s\"\n",
- dash+1);
- range->max_ip = ip->s_addr;
+ if (family == NFPROTO_IPV6) {
+ ia6 = xtables_numeric_to_ip6addr(arg);
+ if (ia6 == NULL)
+ xtables_param_act(XTF_BAD_VALUE, "iprange",
+ optname, arg);
+ range[0].in6 = *ia6;
+ if (dash == NULL) {
+ range[1] = range[0];
+ return;
+ }
+ ia6 = xtables_numeric_to_ip6addr(dash + 1);
+ if (ia6 == NULL)
+ xtables_param_act(XTF_BAD_VALUE, "iprange",
+ optname, dash + 1);
+ range[1].in6 = *ia6;
} else {
- range->max_ip = range->min_ip;
+ ia4 = xtables_numeric_to_ipaddr(arg);
+ if (ia4 == NULL)
+ xtables_param_act(XTF_BAD_VALUE, "iprange",
+ optname, arg);
+ range[0].in = *ia4;
+ if (dash == NULL) {
+ range[1] = range[0];
+ return;
+ }
+ ia4 = xtables_numeric_to_ipaddr(dash + 1);
+ if (ia4 == NULL)
+ xtables_param_act(XTF_BAD_VALUE, "iprange",
+ optname, dash + 1);
+ range[1].in = *ia4;
}
}
const void *entry, struct xt_entry_match **match)
{
struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data;
+ union nf_inet_addr range[2];
switch (c) {
case '1':
xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->flags |= IPRANGE_SRC_INV;
- parse_iprange(optarg, &info->src);
+ iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range");
break;
if (invert)
info->flags |= IPRANGE_DST_INV;
- parse_iprange(optarg, &info->dst);
+ iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range");
break;
const void *entry, struct xt_entry_match **match)
{
struct xt_iprange_mtinfo *info = (void *)(*match)->data;
- const struct in_addr *ia;
- char *end;
switch (c) {
case '1': /* --src-range */
- end = strchr(optarg, '-');
- if (end == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
- *end = '\0';
- ia = xtables_numeric_to_ipaddr(optarg);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
- memcpy(&info->src_min.in, ia, sizeof(*ia));
- ia = xtables_numeric_to_ipaddr(end+1);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
- memcpy(&info->src_max.in, ia, sizeof(*ia));
+ iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV4,
+ "--src-range");
info->flags |= IPRANGE_SRC;
if (invert)
info->flags |= IPRANGE_SRC_INV;
return true;
case '2': /* --dst-range */
- end = strchr(optarg, '-');
- if (end == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
- *end = '\0';
- ia = xtables_numeric_to_ipaddr(optarg);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
- memcpy(&info->dst_min.in, ia, sizeof(*ia));
- ia = xtables_numeric_to_ipaddr(end + 1);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
- memcpy(&info->dst_max.in, ia, sizeof(*ia));
+ iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV4,
+ "--dst-range");
info->flags |= IPRANGE_DST;
if (invert)
info->flags |= IPRANGE_DST_INV;
const void *entry, struct xt_entry_match **match)
{
struct xt_iprange_mtinfo *info = (void *)(*match)->data;
- const struct in6_addr *ia;
- char *end;
switch (c) {
case '1': /* --src-range */
- end = strchr(optarg, '-');
- if (end == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
- *end = '\0';
- ia = xtables_numeric_to_ip6addr(optarg);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", optarg);
- memcpy(&info->src_min.in, ia, sizeof(*ia));
- ia = xtables_numeric_to_ip6addr(end+1);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--src-range", end + 1);
- memcpy(&info->src_max.in, ia, sizeof(*ia));
+ iprange_parse_range(optarg, &info->src_min, NFPROTO_IPV6,
+ "--src-range");
info->flags |= IPRANGE_SRC;
if (invert)
info->flags |= IPRANGE_SRC_INV;
return true;
case '2': /* --dst-range */
- end = strchr(optarg, '-');
- if (end == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
- *end = '\0';
- ia = xtables_numeric_to_ip6addr(optarg);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", optarg);
- memcpy(&info->dst_min.in, ia, sizeof(*ia));
- ia = xtables_numeric_to_ip6addr(end + 1);
- if (ia == NULL)
- xtables_param_act(XTF_BAD_VALUE, "iprange", "--dst-range", end + 1);
- memcpy(&info->dst_max.in, ia, sizeof(*ia));
+ iprange_parse_range(optarg, &info->dst_min, NFPROTO_IPV6,
+ "--dst-range");
info->flags |= IPRANGE_DST;
if (invert)
info->flags |= IPRANGE_DST_INV;
projects / thirdparty / iptables.git / commitdiff
