libiptc_libip6tc_la_LDFLAGS = -version-info 0:0:0 ${libiptc_LDFLAGS2}
lib_LTLIBRARIES += libxtables.la
-libxtables_la_SOURCES = xtables.c
+libxtables_la_SOURCES = xtables.c xtoptions.c
libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
if ENABLE_SHARED
libxtables_la_CFLAGS = ${AM_CFLAGS}
#include <sys/types.h>
#include <limits.h>
#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
#include <netinet/in.h>
#include <net/if.h>
#include <linux/types.h>
struct in_addr;
+/*
+ * .size is here so that there is a somewhat reasonable check
+ * against the chosen .type.
+ */
+#define XTOPT_POINTER(stype, member) \
+ .ptroff = offsetof(stype, member), \
+ .size = sizeof(((stype *)NULL)->member)
+#define XTOPT_TABLEEND {.name = NULL}
+
+/**
+ * %XTTYPE_NONE: option takes no argument
+ */
+enum xt_option_type {
+ XTTYPE_NONE,
+};
+
+/**
+ * %XTOPT_INVERT: option is invertible (usable with !)
+ * %XTOPT_MAND: option is mandatory
+ * %XTOPT_MULTI: option may be specified multiple times
+ * %XTOPT_PUT: store value into memory at @ptroff
+ */
+enum xt_option_flags {
+ XTOPT_INVERT = 1 << 0,
+ XTOPT_MAND = 1 << 1,
+ XTOPT_MULTI = 1 << 2,
+ XTOPT_PUT = 1 << 3,
+};
+
+/**
+ * @name: name of option
+ * @type: type of input and validation method, see %XTTYPE_*
+ * @id: unique number (within extension) for option, 0-31
+ * @excl: bitmask of flags that cannot be used with this option
+ * @also: bitmask of flags that must be used with this option
+ * @flags: bitmask of option flags, see %XTOPT_*
+ * @ptroff: offset into private structure for member
+ * @size: size of the item pointed to by @ptroff; this is a safeguard
+ */
+struct xt_option_entry {
+ const char *name;
+ enum xt_option_type type;
+ unsigned int id, excl, also, flags;
+ unsigned int ptroff;
+ size_t size;
+};
+
+/**
+ * @arg: input from command line
+ * @ext_name: name of extension currently being processed
+ * @entry: current option being processed
+ * @data: per-extension data block
+ * @xflags: options of the extension that have been used
+ * @invert: whether option was used with !
+ * @val: parsed result
+ */
+struct xt_option_call {
+ const char *arg, *ext_name;
+ const struct xt_option_entry *entry;
+ void *data;
+ unsigned int xflags;
+ bool invert;
+ union {
+ /* to be filled */
+ } val;
+};
+
/* Include file for additions: new matches and targets. */
struct xtables_match
{
/* Pointer to list of extra command-line options */
const struct option *extra_opts;
+ /* New parser */
+ void (*x6_parse)(struct xt_option_call *);
+ const struct xt_option_entry *x6_options;
+
/* Ignore these men behind the curtain: */
unsigned int option_offset;
struct xt_entry_match *m;
/* Pointer to list of extra command-line options */
const struct option *extra_opts;
+ /* New parser */
+ void (*x6_parse)(struct xt_option_call *);
+ const struct xt_option_entry *x6_options;
+
/* Ignore these men behind the curtain: */
unsigned int option_offset;
struct xt_entry_target *t;
extern const struct xtables_pprot xtables_chain_protos[];
extern u_int16_t xtables_parse_protocol(const char *s);
+/* xtoptions.c */
+extern void xtables_option_metavalidate(const char *,
+ const struct xt_option_entry *);
+extern struct option *xtables_options_xfrm(struct option *, struct option *,
+ const struct xt_option_entry *,
+ unsigned int *);
+extern void xtables_option_parse(struct xt_option_call *);
+extern void xtables_option_tpcall(unsigned int, char **, bool,
+ struct xtables_target *, void *);
+extern void xtables_option_mpcall(unsigned int, char **, bool,
+ struct xtables_match *, void *);
+extern void xtables_options_fcheck(const char *, unsigned int,
+ const struct xt_option_entry *);
+
#ifdef XTABLES_INTERNAL
/* Shipped modules rely on this... */
struct xtables_rule_match *matchp;
struct xtables_match *m;
- if (cs->target != NULL && cs->target->parse != NULL &&
+ if (cs->target != NULL &&
+ (cs->target->parse != NULL || cs->target->x6_parse != NULL) &&
cs->c >= cs->target->option_offset &&
cs->c < cs->target->option_offset + XT_OPTION_OFFSET_SCALE) {
- cs->target->parse(cs->c - cs->target->option_offset, cs->argv,
- cs->invert, &cs->target->tflags, &cs->fw6,
- &cs->target->t);
+ xtables_option_tpcall(cs->c, cs->argv, cs->invert,
+ cs->target, &cs->fw);
return;
}
for (matchp = cs->matches; matchp; matchp = matchp->next) {
m = matchp->match;
- if (matchp->completed || m->parse == NULL)
+ if (matchp->completed ||
+ (m->x6_parse == NULL && m->parse == NULL))
continue;
if (cs->c < matchp->match->option_offset ||
cs->c >= matchp->match->option_offset + XT_OPTION_OFFSET_SCALE)
continue;
- m->parse(cs->c - m->option_offset, cs->argv, cs->invert,
- &m->mflags, &cs->fw6, &m->m);
+ xtables_option_mpcall(cs->c, cs->argv, cs->invert, m, &cs->fw);
return;
}
if (m->init != NULL)
m->init(m->m);
- opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
- m->extra_opts, &m->option_offset);
-
+ if (m->x6_options != NULL)
+ opts = xtables_options_xfrm(ip6tables_globals.orig_opts,
+ opts, m->x6_options,
+ &m->option_offset);
+ else
+ opts = xtables_merge_options(ip6tables_globals.orig_opts,
+ opts,
+ m->extra_opts,
+ &m->option_offset);
+ if (opts == NULL)
+ xtables_error(OTHER_PROBLEM, "can't alloc memory!");
optind--;
return;
}
cs->target->t->u.user.revision = cs->target->revision;
if (cs->target->init != NULL)
cs->target->init(cs->target->t);
- opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
- cs->target->extra_opts,
- &cs->target->option_offset);
+ if (cs->target->x6_options != NULL)
+ opts = xtables_options_xfrm(ip6tables_globals.orig_opts, opts,
+ cs->target->x6_options,
+ &cs->target->option_offset);
+ else
+ opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
+ cs->target->extra_opts,
+ &cs->target->option_offset);
if (opts == NULL)
xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
m->m->u.user.revision = m->revision;
if (m->init != NULL)
m->init(m->m);
- if (m != m->next)
- /* Merge options for non-cloned matches */
+ if (m == m->next)
+ return;
+ /* Merge options for non-cloned matches */
+ if (m->x6_options != NULL)
+ opts = xtables_options_xfrm(ip6tables_globals.orig_opts, opts,
+ m->x6_options, &m->option_offset);
+ else if (m->extra_opts != NULL)
opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
m->extra_opts, &m->option_offset);
}
cs.invert = FALSE;
}
- for (matchp = cs.matches; matchp; matchp = matchp->next)
+ for (matchp = cs.matches; matchp; matchp = matchp->next) {
+ if (matchp->match->x6_options != NULL)
+ xtables_options_fcheck(matchp->match->name,
+ matchp->match->mflags,
+ matchp->match->x6_options);
if (matchp->match->final_check != NULL)
matchp->match->final_check(matchp->match->mflags);
+ }
+ if (cs.target != NULL && cs.target->x6_options != NULL)
+ xtables_options_fcheck(cs.target->name, cs.target->tflags,
+ cs.target->x6_options);
if (cs.target != NULL && cs.target->final_check != NULL)
cs.target->final_check(cs.target->tflags);
struct xtables_rule_match *matchp;
struct xtables_match *m;
- if (cs->target != NULL && cs->target->parse != NULL &&
+ if (cs->target != NULL &&
+ (cs->target->parse != NULL || cs->target->x6_parse != NULL) &&
cs->c >= cs->target->option_offset &&
cs->c < cs->target->option_offset + XT_OPTION_OFFSET_SCALE) {
- cs->target->parse(cs->c - cs->target->option_offset, cs->argv,
- cs->invert, &cs->target->tflags, &cs->fw,
- &cs->target->t);
+ xtables_option_tpcall(cs->c, cs->argv, cs->invert,
+ cs->target, &cs->fw);
return;
}
for (matchp = cs->matches; matchp; matchp = matchp->next) {
m = matchp->match;
- if (matchp->completed || m->parse == NULL)
+ if (matchp->completed ||
+ (m->x6_parse == NULL && m->parse == NULL))
continue;
if (cs->c < m->option_offset ||
cs->c >= m->option_offset + XT_OPTION_OFFSET_SCALE)
continue;
- m->parse(cs->c - m->option_offset, cs->argv, cs->invert,
- &m->mflags, &cs->fw, &m->m);
+ xtables_option_mpcall(cs->c, cs->argv, cs->invert, m, &cs->fw);
return;
}
if (m->init != NULL)
m->init(m->m);
- opts = xtables_merge_options(iptables_globals.orig_opts, opts,
- m->extra_opts, &m->option_offset);
+ if (m->x6_options != NULL)
+ opts = xtables_options_xfrm(iptables_globals.orig_opts,
+ opts, m->x6_options,
+ &m->option_offset);
+ else
+ opts = xtables_merge_options(iptables_globals.orig_opts,
+ opts,
+ m->extra_opts,
+ &m->option_offset);
if (opts == NULL)
xtables_error(OTHER_PROBLEM, "can't alloc memory!");
cs->target->t->u.user.revision = cs->target->revision;
if (cs->target->init != NULL)
cs->target->init(cs->target->t);
- opts = xtables_merge_options(iptables_globals.orig_opts, opts,
- cs->target->extra_opts,
- &cs->target->option_offset);
+ if (cs->target->x6_options != NULL)
+ opts = xtables_options_xfrm(iptables_globals.orig_opts, opts,
+ cs->target->x6_options,
+ &cs->target->option_offset);
+ else
+ opts = xtables_merge_options(iptables_globals.orig_opts, opts,
+ cs->target->extra_opts,
+ &cs->target->option_offset);
if (opts == NULL)
xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
m->m->u.user.revision = m->revision;
if (m->init != NULL)
m->init(m->m);
- if (m != m->next) {
- /* Merge options for non-cloned matches */
+ if (m == m->next)
+ return;
+ /* Merge options for non-cloned matches */
+ if (m->x6_options != NULL)
+ opts = xtables_options_xfrm(iptables_globals.orig_opts, opts,
+ m->x6_options, &m->option_offset);
+ else if (m->extra_opts != NULL)
opts = xtables_merge_options(iptables_globals.orig_opts, opts,
m->extra_opts, &m->option_offset);
- if (opts == NULL)
- xtables_error(OTHER_PROBLEM, "can't alloc memory!");
- }
+ if (opts == NULL)
+ xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle)
"\nThe \"nat\" table is not intended for filtering, "
"the use of DROP is therefore inhibited.\n\n");
- for (matchp = cs.matches; matchp; matchp = matchp->next)
+ for (matchp = cs.matches; matchp; matchp = matchp->next) {
+ if (matchp->match->x6_options != NULL)
+ xtables_options_fcheck(matchp->match->name,
+ matchp->match->mflags,
+ matchp->match->x6_options);
if (matchp->match->final_check != NULL)
matchp->match->final_check(matchp->match->mflags);
+ }
+ if (cs.target != NULL && cs.target->x6_options != NULL)
+ xtables_options_fcheck(cs.target->name, cs.target->tflags,
+ cs.target->x6_options);
if (cs.target != NULL && cs.target->final_check != NULL)
cs.target->final_check(cs.target->tflags);
struct xtables_rule_match;
struct xtables_target;
+/**
+ * xtables_afinfo - protocol family dependent information
+ * @kmod: kernel module basename (e.g. "ip_tables")
+ * @libprefix: prefix of .so library name (e.g. "libipt_")
+ * @family: nfproto family
+ * @ipproto: used by setsockopt (e.g. IPPROTO_IP)
+ * @so_rev_match: optname to check revision support of match
+ * @so_rev_target: optname to check revision support of target
+ */
+struct xtables_afinfo {
+ const char *kmod;
+ const char *libprefix;
+ uint8_t family;
+ uint8_t ipproto;
+ int so_rev_match;
+ int so_rev_target;
+};
+
struct iptables_command_state {
union {
struct ipt_entry fw;
extern struct xtables_match *load_proto(struct iptables_command_state *);
extern int subcmd_main(int, char **, const struct subcommand *);
+extern const struct xtables_afinfo *afinfo;
+
#endif /* IPTABLES_XSHARED_H */
# define IP6T_SO_GET_REVISION_TARGET 69
#endif
#include <getopt.h>
+#include "iptables/internal.h"
#include "xshared.h"
#define NPROTO 255
return merge;
}
-/**
- * xtables_afinfo - protocol family dependent information
- * @kmod: kernel module basename (e.g. "ip_tables")
- * @libprefix: prefix of .so library name (e.g. "libipt_")
- * @family: nfproto family
- * @ipproto: used by setsockopt (e.g. IPPROTO_IP)
- * @so_rev_match: optname to check revision support of match
- * @so_rev_target: optname to check revision support of target
- */
-struct xtables_afinfo {
- const char *kmod;
- const char *libprefix;
- uint8_t family;
- uint8_t ipproto;
- int so_rev_match;
- int so_rev_target;
-};
-
static const struct xtables_afinfo afinfo_ipv4 = {
.kmod = "ip_tables",
.libprefix = "libipt_",
.so_rev_target = IP6T_SO_GET_REVISION_TARGET,
};
-static const struct xtables_afinfo *afinfo;
+const struct xtables_afinfo *afinfo;
/* Search path for Xtables .so files */
static const char *xtables_libdir;
exit(1);
}
+ if (me->x6_options != NULL)
+ xtables_option_metavalidate(me->name, me->x6_options);
if (me->extra_opts != NULL)
xtables_check_options(me->name, me->extra_opts);
exit(1);
}
+ if (me->x6_options != NULL)
+ xtables_option_metavalidate(me->name, me->x6_options);
if (me->extra_opts != NULL)
xtables_check_options(me->name, me->extra_opts);
--- /dev/null
+/*
+ * Argument parser
+ * Copyright © Jan Engelhardt, 2011
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ */
+#include <errno.h>
+#include <getopt.h>
+#include <limits.h>
+#include <netdb.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <arpa/inet.h>
+#include "xtables.h"
+#include "xshared.h"
+
+#define XTOPT_MKPTR(cb) \
+ ((void *)((char *)(cb)->data + (cb)->entry->ptroff))
+
+/**
+ * Creates getopt options from the x6-style option map, and assigns each a
+ * getopt id.
+ */
+struct option *
+xtables_options_xfrm(struct option *orig_opts, struct option *oldopts,
+ const struct xt_option_entry *entry, unsigned int *offset)
+{
+ unsigned int num_orig, num_old = 0, num_new, i;
+ struct option *merge, *mp;
+
+ if (entry == NULL)
+ return oldopts;
+ for (num_orig = 0; orig_opts[num_orig].name != NULL; ++num_orig)
+ ;
+ if (oldopts != NULL)
+ for (num_old = 0; oldopts[num_old].name != NULL; ++num_old)
+ ;
+ for (num_new = 0; entry[num_new].name != NULL; ++num_new)
+ ;
+
+ /*
+ * Since @oldopts also has @orig_opts already (and does so at the
+ * start), skip these entries.
+ */
+ oldopts += num_orig;
+ num_old -= num_orig;
+
+ merge = malloc(sizeof(*mp) * (num_orig + num_old + num_new + 1));
+ if (merge == NULL)
+ return NULL;
+
+ /* Let the base options -[ADI...] have precedence over everything */
+ memcpy(merge, orig_opts, sizeof(*mp) * num_orig);
+ mp = merge + num_orig;
+
+ /* Second, the new options */
+ xt_params->option_offset += XT_OPTION_OFFSET_SCALE;
+ *offset = xt_params->option_offset;
+
+ for (i = 0; i < num_new; ++i, ++mp, ++entry) {
+ mp->name = entry->name;
+ mp->has_arg = entry->type != XTTYPE_NONE;
+ mp->flag = NULL;
+ mp->val = entry->id + *offset;
+ }
+
+ /* Third, the old options */
+ memcpy(mp, oldopts, sizeof(*mp) * num_old);
+ mp += num_old;
+ xtables_free_opts(0);
+
+ /* Clear trailing entry */
+ memset(mp, 0, sizeof(*mp));
+ return merge;
+}
+
+static void (*const xtopt_subparse[])(struct xt_option_call *) = {
+ [XTTYPE_NONE] = NULL,
+};
+
+static const size_t xtopt_psize[] = {
+ [XTTYPE_NONE] = 0,
+};
+
+/**
+ * The master option parsing routine. May be used for the ".x6_parse"
+ * function pointer in extensions if fully automatic parsing is desired.
+ * It may be also called manually from a custom x6_parse function.
+ */
+void xtables_option_parse(struct xt_option_call *cb)
+{
+ const struct xt_option_entry *entry = cb->entry;
+ unsigned int eflag = 1 << cb->entry->id;
+
+ /*
+ * With {.id = P_FOO, .excl = P_FOO} we can have simple double-use
+ * prevention. Though it turned out that this is too much typing (most
+ * of the options are one-time use only), so now we also have
+ * %XTOPT_MULTI.
+ */
+ if ((!(entry->flags & XTOPT_MULTI) || (entry->excl & eflag)) &&
+ cb->xflags & eflag)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" can only be used once.\n",
+ cb->ext_name, cb->entry->name);
+ if (cb->invert && !(entry->flags & XTOPT_INVERT))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" cannot be inverted.\n",
+ cb->ext_name, entry->name);
+ if (entry->type != XTTYPE_NONE && optarg == NULL)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" requires an argument.\n",
+ cb->ext_name, entry->name);
+ if (entry->type <= ARRAY_SIZE(xtopt_subparse) &&
+ xtopt_subparse[entry->type] != NULL)
+ xtopt_subparse[entry->type](cb);
+ /* Exclusion with other flags tested later in finalize. */
+ cb->xflags |= 1 << entry->id;
+}
+
+/**
+ * Verifies that an extension's option map descriptor is valid, and ought to
+ * be called right after the extension has been loaded, and before option
+ * merging/xfrm.
+ */
+void xtables_option_metavalidate(const char *name,
+ const struct xt_option_entry *entry)
+{
+ for (; entry->name != NULL; ++entry) {
+ if (entry->id >= CHAR_BIT * sizeof(unsigned int) ||
+ entry->id >= XT_OPTION_OFFSET_SCALE)
+ xt_params->exit_err(OTHER_PROBLEM,
+ "Extension %s uses invalid ID %u\n",
+ name, entry->id);
+ if (!(entry->flags & XTOPT_PUT))
+ continue;
+ if (entry->type >= ARRAY_SIZE(xtopt_psize))
+ xt_params->exit_err(OTHER_PROBLEM,
+ "%s: entry type of option \"--%s\" cannot be "
+ "combined with XTOPT_PUT\n",
+ name, entry->name);
+ if (xtopt_psize[entry->type] != entry->size)
+ xt_params->exit_err(OTHER_PROBLEM,
+ "%s: option \"--%s\" points to a memory block "
+ "of wrong size (expected %zu, got %zu)\n",
+ name, entry->name,
+ xtopt_psize[entry->type], entry->size);
+ }
+}
+
+/**
+ * Find an option entry by its id.
+ */
+static const struct xt_option_entry *
+xtables_option_lookup(const struct xt_option_entry *entry, unsigned int id)
+{
+ for (; entry->name != NULL; ++entry)
+ if (entry->id == id)
+ return entry;
+ return NULL;
+}
+
+/**
+ * @c: getopt id (i.e. with offset)
+ * @fw: struct ipt_entry or ip6t_entry
+ *
+ * Dispatch arguments to the appropriate parse function, based upon the
+ * extension's choice of API.
+ */
+void xtables_option_tpcall(unsigned int c, char **argv, bool invert,
+ struct xtables_target *t, void *fw)
+{
+ struct xt_option_call cb;
+
+ if (t->x6_parse == NULL) {
+ if (t->parse != NULL)
+ t->parse(c - t->option_offset, argv, invert,
+ &t->tflags, fw, &t->t);
+ return;
+ }
+
+ c -= t->option_offset;
+ cb.entry = xtables_option_lookup(t->x6_options, c);
+ if (cb.entry == NULL)
+ xtables_error(OTHER_PROBLEM,
+ "Extension does not know id %u\n", c);
+ cb.arg = optarg;
+ cb.invert = invert;
+ cb.ext_name = t->name;
+ cb.data = t->t->data;
+ cb.xflags = t->tflags;
+ t->x6_parse(&cb);
+ t->tflags = cb.xflags;
+}
+
+/**
+ * @c: getopt id (i.e. with offset)
+ * @fw: struct ipt_entry or ip6t_entry
+ *
+ * Dispatch arguments to the appropriate parse function, based upon the
+ * extension's choice of API.
+ */
+void xtables_option_mpcall(unsigned int c, char **argv, bool invert,
+ struct xtables_match *m, void *fw)
+{
+ struct xt_option_call cb;
+
+ if (m->x6_parse == NULL) {
+ if (m->parse != NULL)
+ m->parse(c - m->option_offset, argv, invert,
+ &m->mflags, fw, &m->m);
+ return;
+ }
+
+ c -= m->option_offset;
+ cb.entry = xtables_option_lookup(m->x6_options, c);
+ if (cb.entry == NULL)
+ xtables_error(OTHER_PROBLEM,
+ "Extension does not know id %u\n", c);
+ cb.arg = optarg;
+ cb.invert = invert;
+ cb.ext_name = m->name;
+ cb.data = m->m->data;
+ cb.xflags = m->mflags;
+ m->x6_parse(&cb);
+ m->mflags = cb.xflags;
+}
+
+/**
+ * @name: name of extension
+ * @entry: current option (from all ext's entries) being validated
+ * @xflags: flags the extension has collected
+ * @i: conflicting option (id) to test for
+ */
+static void
+xtables_option_fcheck2(const char *name, const struct xt_option_entry *entry,
+ const struct xt_option_entry *other,
+ unsigned int xflags)
+{
+ unsigned int ef = 1 << entry->id, of = 1 << other->id;
+
+ if (entry->also & of && !(xflags & of))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" also requires \"--%s\".\n",
+ name, entry->name, other->name);
+
+ if (!(entry->excl & of))
+ /* Use of entry does not collide with other option, good. */
+ return;
+ if ((xflags & (ef | of)) != (ef | of))
+ /* Conflicting options were not used. */
+ return;
+
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" cannot be used together with \"--%s\".\n",
+ name, entry->name, other->name);
+}
+
+/**
+ * @name: name of extension
+ * @xflags: accumulated flags
+ * @entry: extension's option table
+ *
+ * Check that all option constraints have been met. This effectively replaces
+ * ->final_check of the older API.
+ */
+void xtables_options_fcheck(const char *name, unsigned int xflags,
+ const struct xt_option_entry *table)
+{
+ const struct xt_option_entry *entry, *other;
+ unsigned int i;
+
+ for (entry = table; entry->name != NULL; ++entry) {
+ if (entry->flags & XTOPT_MAND &&
+ !(xflags & (1 << entry->id)))
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "%s: option \"--%s\" must be specified\n",
+ name, entry->name);
+
+ for (i = 0; i < CHAR_BIT * sizeof(entry->id); ++i) {
+ if (entry->id == i)
+ /*
+ * Avoid conflict with self. Multi-use check
+ * was done earlier in xtables_option_parse.
+ */
+ continue;
+ other = xtables_option_lookup(table, i);
+ if (other == NULL)
+ continue;
+ xtables_option_fcheck2(name, entry, other, xflags);
+ }
+ }
+}
projects / thirdparty / iptables.git / commitdiff
