loginfo->level = LOG_DEFAULT_LEVEL;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
struct ip6t_log_names {
/* default */
reject->with = IP6T_ICMP6_PORT_UNREACH;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it
{ .name = 0 }
};
-
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
-
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ip6t_entry *entry, unsigned int *nfcache,
.size = IP6T_ALIGN(sizeof(struct condition6_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct condition6_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.size = IP6T_ALIGN(sizeof(int)),
.userspacesize = IP6T_ALIGN(sizeof(int)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
init(struct ip6t_entry_match *m, unsigned int *nfcache)
{
struct ip6t_fuzzy_info *presentinfo = (struct ip6t_fuzzy_info *)(m)->data;
- *nfcache |= NFC_UNKNOWN;
-
/*
* Default rates ( I'll improve this very soon with something based
* on real statistics of the running machine ) .
, IPTABLES_VERSION);
}
-static void init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ip6t_entry *entry, unsigned int *nfcache,
struct ip6t_entry_match **match)
.size = IP6T_ALIGN(sizeof(struct ip6t_hl_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_hl_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-static unsigned int
+static void
parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[])
{
unsigned int limit = sizeof(icmpv6_codes)/sizeof(struct icmpv6_names);
code[1] = 0xFF;
}
}
-
- if (code[0] == 0 && code[1] == 0xFF)
- return NFC_IP6_SRC_PT;
- else return NFC_IP6_SRC_PT | NFC_IP6_DST_PT;
}
/* Initialize the match. */
switch (c) {
case '1':
check_inverse(optarg, &invert, &optind, 0);
- *nfcache |= parse_icmpv6(argv[optind-1],
- &icmpv6info->type,
- icmpv6info->code);
+ parse_icmpv6(argv[optind-1], &icmpv6info->type,
+ icmpv6info->code);
if (invert)
icmpv6info->invflags |= IP6T_ICMP_INV;
break;
info->matchflags = 0x00;
info->invflags = 0x00;
info->modeflag = 0x00;
- /* No caching (yet) */
- *nfcache |= NFC_UNKNOWN;
}
static unsigned int
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static u_int16_t
parse_length(const char *s)
{
.size = IP6T_ALIGN(sizeof(struct ip6t_length_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_length_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
parse_rate(IP6T_LIMIT_AVG, &r->avg);
r->burst = IP6T_LIMIT_BURST;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* FIXME: handle overflow:
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_mac(const char *mac, struct ip6t_mac_info *info)
{
.size = IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.size = IP6T_ALIGN(sizeof(struct ip6t_mark_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mark_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IP6T_MULTIPORT_SOURCE;
- *nfcache |= NFC_IP6_SRC_PT;
break;
case '2':
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IP6T_MULTIPORT_DESTINATION;
- *nfcache |= NFC_IP6_DST_PT;
break;
case '3':
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IP6T_MULTIPORT_EITHER;
- *nfcache |= NFC_IP6_SRC_PT | NFC_IP6_DST_PT;
break;
default:
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
#define IP6T_NTH_OPT_EVERY 0x01
#define IP6T_NTH_OPT_NOT_EVERY 0x02
#define IP6T_NTH_OPT_START 0x04
.size = IP6T_ALIGN(sizeof(struct ip6t_nth_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_nth_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.size = IP6T_ALIGN(sizeof(struct ip6t_owner_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_owner_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
init(struct ip6t_entry_match *m, unsigned int *nfcache)
{
struct ip6t_rand_info *randinfo = (struct ip6t_rand_info *)(m)->data;
- *nfcache |= NFC_UNKNOWN;
/* We assign the average to be 50 which is our default value */
/* 50 * 2.55 = 128 */
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_SRCPT;
*flags |= TCP_SRC_PORTS;
- *nfcache |= NFC_IP6_SRC_PT;
break;
case '2':
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_DSTPT;
*flags |= TCP_DST_PORTS;
- *nfcache |= NFC_IP6_DST_PT;
break;
case '3':
" allowed");
parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
*flags |= TCP_FLAGS;
- *nfcache |= NFC_IP6_TCPFLAGS;
break;
case '4':
invert);
optind++;
*flags |= TCP_FLAGS;
- *nfcache |= NFC_IP6_TCPFLAGS;
break;
case '5':
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_OPTION;
*flags |= TCP_OPTION;
- *nfcache |= NFC_IP6_PROTO_UNKNOWN;
break;
default:
if (invert)
udpinfo->invflags |= IP6T_UDP_INV_SRCPT;
*flags |= UDP_SRC_PORTS;
- *nfcache |= NFC_IP6_SRC_PT;
break;
case '2':
if (invert)
udpinfo->invflags |= IP6T_UDP_INV_DSTPT;
*flags |= UDP_DST_PORTS;
- *nfcache |= NFC_IP6_DST_PT;
break;
default:
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses range of IPs */
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static struct ipt_natinfo *
append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
{
.size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
.userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
ipmarkinfo->andmask=0xffffffff;
ipmarkinfo->ormask=0;
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static void help(void)
{
printf("IPV4OPTSSTRIP v%s target takes no option !! Make sure you use it in the mangle table.\n",
.size = IPT_ALIGN(0),
.userspacesize = IPT_ALIGN(0),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
loginfo->level = LOG_DEFAULT_LEVEL;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
struct ipt_log_names {
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses ports */
nld->flags=0;
- *nfcache |= NFC_UNKNOWN;
}
/* Parse command options */
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses network address */
ipi->src = ipi->dst = IP_POOL_NONE;
ipi->flags = 0;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses ports */
/* default */
reject->with = IPT_ICMP_PORT_UNREACHABLE;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it
mr->info = 0;
mr->ipnum = 0;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses range of IPs */
info->add_set.index =
info->del_set.index = IP_SET_INVALID_ID;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
static void
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static struct ipt_natinfo *
append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
{
.size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
.userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{ 0 }
};
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
.size = IPT_ALIGN(0),
.userspacesize = IPT_ALIGN(0),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
* our own private data structure (which is at t->data).
* Probably we could fiddle with t->tflags too but there is
* no great advantage in doing so.
- *
- * TODO: Find documentation for the above flags which
- * can be ored into nfcache...
- *
- * NFC_IP6_DST_PT
- * NFC_IP6_PROTO_UNKNOWN
- * NFC_IP6_SRC_PT
- * NFC_IP6_TCPFLAGS
- * NFC_IP_DST_PT
- * NFC_IP_SRC_PT
- * NFC_IP_TOS
- * NFC_UNKNOWN -- This one seems safest
*/
static void init( struct ipt_entry_target *t, unsigned int *nfcache )
{
memset( el, 0, sizeof( struct ipt_tcplag ));
el->level = 4; /* Default to warning level */
strcpy( el->prefix, "TCPLAG:" ); /* Give a reasonable default prefix */
- *nfcache |= NFC_UNKNOWN;
}
/*
loginfo->nl_group = ULOG_DEFAULT_NLGROUP;
loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
#define IPT_LOG_OPT_NLGROUP 0x01
struct t_ipt_account_info *info = (struct t_ipt_account_info *)(match)->data;
- *nfcache |= NFC_UNKNOWN;
/* set default table name to DEFAULT */
strncpy(info->name, "DEFAULT", IPT_ACCOUNT_NAME_LEN);
help_types();
}
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int
parse_type(const char *name, size_t strlen, u_int16_t *mask)
{
.size = IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{ .name = 0 }
};
-/* Initialize the match. */
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it ate an option */
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
.size = IPT_ALIGN(sizeof(struct ipt_childlevel_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_childlevel_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_comment(const unsigned char *s, struct ipt_comment_info *info)
{
.size = IPT_ALIGN(sizeof(struct ipt_comment_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_comment_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{ .name = 0 }
};
-
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
-
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
.size = IPT_ALIGN(sizeof(struct condition_info)),
.userspacesize = IPT_ALIGN(sizeof(struct condition_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_range(const char *arg, struct ipt_connbytes_info *si)
{
.size = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.size = IPT_ALIGN(sizeof(struct ipt_connlimit_info)),
.userspacesize = offsetof(struct ipt_connlimit_info,data),
.help = help,
- .init = init,
.parse = parse,
.final_check = final_check,
.print = print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
static u_int32_t
parse_value(const char *arg, u_int32_t def)
{
.size = IPT_ALIGN(sizeof(struct ipt_connrate_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_connrate_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int
parse_state(const char *state, size_t strlen, struct ipt_conntrack_info *sinfo)
{
.size = IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
/* This is evil, but it's my code - HW*/
#include "libipt_dscp_helper.c"
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_IP_TOS;
-}
-
static void help(void)
{
printf(
.size = IPT_ALIGN(sizeof(struct ipt_dscp_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_dscp_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
r->cfg.gc_interval = IPT_DSTLIMIT_GCINTERVAL;
r->cfg.expire = IPT_DSTLIMIT_EXPIRE;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
#define PARAM_LIMIT 0x00000001
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_ecn.h>
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_IP_TOS;
-}
-
static void help(void)
{
printf(
.size = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
init(struct ipt_entry_match *m, unsigned int *nfcache)
{
struct ipt_fuzzy_info *presentinfo = (struct ipt_fuzzy_info *)(m)->data;
- *nfcache |= NFC_UNKNOWN;
/*
* Default rates ( I'll improve this very soon with something based
r->cfg.gc_interval = IPT_HASHLIMIT_GCINTERVAL;
r->cfg.expire = IPT_HASHLIMIT_EXPIRE;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.version = IPTABLES_VERSION,
.size = IPT_ALIGN(sizeof(struct ipt_helper_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-static unsigned int
+static void
parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[])
{
unsigned int limit = sizeof(icmp_codes)/sizeof(struct icmp_names);
code[1] = 0xFF;
}
}
-
- if (code[0] == 0 && code[1] == 0xFF)
- return NFC_IP_SRC_PT;
- else return NFC_IP_SRC_PT | NFC_IP_DST_PT;
}
/* Initialize the match. */
switch (c) {
case '1':
check_inverse(optarg, &invert, &optind, 0);
- *nfcache |= parse_icmp(argv[optind-1],
- &icmpinfo->type,
- icmpinfo->code);
+ parse_icmp(argv[optind-1], &icmpinfo->type,
+ icmpinfo->code);
if (invert)
icmpinfo->invflags |= IPT_ICMP_INV;
break;
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_iprange(char *arg, struct ipt_iprange *range)
{
.size = IPT_ALIGN(sizeof(struct ipt_iprange_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_iprange_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.size = IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static u_int16_t
parse_length(const char *s)
{
.size = IPT_ALIGN(sizeof(struct ipt_length_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_length_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
parse_rate(IPT_LIMIT_AVG, &r->avg);
r->burst = IPT_LIMIT_BURST;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* FIXME: handle overflow:
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_mac(const char *mac, struct ipt_mac_info *info)
{
.size = IPT_ALIGN(sizeof(struct ipt_mac_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_mac_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.size = IPT_ALIGN(sizeof(struct ipt_mark_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_mark_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
proto = check_proto(entry);
parse_multi_ports(argv[optind-1], minfo, proto);
minfo->flags = IPT_MPORT_SOURCE;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
proto = check_proto(entry);
parse_multi_ports(argv[optind-1], minfo, proto);
minfo->flags = IPT_MPORT_DESTINATION;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
proto = check_proto(entry);
parse_multi_ports(argv[optind-1], minfo, proto);
minfo->flags = IPT_MPORT_EITHER;
- *nfcache |= NFC_IP_SRC_PT | NFC_IP_DST_PT;
break;
default:
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IPT_MULTIPORT_SOURCE;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IPT_MULTIPORT_DESTINATION;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IPT_MULTIPORT_EITHER;
- *nfcache |= NFC_IP_SRC_PT | NFC_IP_DST_PT;
break;
default:
proto = check_proto(entry);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = IPT_MULTIPORT_SOURCE;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
proto = check_proto(entry);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = IPT_MULTIPORT_DESTINATION;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
proto = check_proto(entry);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = IPT_MULTIPORT_EITHER;
- *nfcache |= NFC_IP_SRC_PT | NFC_IP_DST_PT;
break;
default:
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
#define IPT_NTH_OPT_EVERY 0x01
#define IPT_NTH_OPT_NOT_EVERY 0x02
#define IPT_NTH_OPT_START 0x04
.size = IPT_ALIGN(sizeof(struct ipt_nth_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_nth_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{ .name = 0 }
};
-
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
-
static void parse_string(const unsigned char *s, struct ipt_osf_info *info)
{
if (strlen(s) < MAXGENRELEN)
.size = IPT_ALIGN(sizeof(struct ipt_osf_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_osf_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.size = IPT_ALIGN(sizeof(struct ipt_owner_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_owner_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{0}
};
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static void parse_pkttype(const char *pkttype, struct ipt_pkttype_info *info)
{
unsigned int i;
.size = IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
info->src = IP_POOL_NONE;
info->dst = IP_POOL_NONE;
info->flags = 0;
- /* Can't cache this - XXX */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it ate an option */
psdinfo->delay_threshold = SCAN_DELAY_THRESHOLD;
psdinfo->lo_ports_weight = PORT_WEIGHT_PRIV;
psdinfo->hi_ports_weight = PORT_WEIGHT_HIGH;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
" --quota quota quota (bytes)\n" "\n");
}
-/* initialise match */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* no can cache */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* print matchinfo */
static void
print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric)
.size = IPT_ALIGN(sizeof (struct ipt_quota_info)),
.userspacesize = IPT_ALIGN(sizeof (struct ipt_quota_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
init(struct ipt_entry_match *m, unsigned int *nfcache)
{
struct ipt_rand_info *randinfo = (struct ipt_rand_info *)(m)->data;
- *nfcache |= NFC_UNKNOWN;
/* We assign the average to be 50 which is our default value */
/* 50 * 2.55 = 128 */
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.size = IPT_ALIGN(sizeof(struct ipt_realm_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_realm_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{
struct ipt_recent_info *info = (struct ipt_recent_info *)(match)->data;
- *nfcache |= NFC_UNKNOWN;
strncpy(info->name,"DEFAULT",IPT_RECENT_NAME_LEN);
/* eventhough IPT_RECENT_NAME_LEN is currently defined as 200,
{0}
};
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
-
/* Function which parses command options; returns true if it
ate an option */
static int
}
static
-struct iptables_match record_rpc
-= { NULL,
- "record_rpc",
- IPTABLES_VERSION,
- IPT_ALIGN(0),
- IPT_ALIGN(0),
- &help,
- &init,
- &parse,
- &final_check,
- &print,
- &save,
- opts
+struct iptables_match record_rpc = {
+ .next = NULL,
+ .name = "record_rpc",
+ .version = IPTABLES_VERSION,
+ .size = IPT_ALIGN(0),
+ .userspacesize = IPT_ALIGN(0),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
};
void _init(void)
struct ipt_rpc_info *rpcinfo = ((struct ipt_rpc_info *)match->data);
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
/* initialise those funky user vars */
rpcinfo->i_procs = -1;
if (invert)
einfo->invflags |= IPT_SCTP_SRC_PORTS;
*flags |= IPT_SCTP_SRC_PORTS;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
if (invert)
einfo->invflags |= IPT_SCTP_DEST_PORTS;
*flags |= IPT_SCTP_DEST_PORTS;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
memset(info, 0, sizeof(struct ipt_set_info_match));
- /* Can't cache this - XXX */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it ate an option */
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int
parse_state(const char *state, size_t strlen, struct ipt_state_info *sinfo)
{
.size = IPT_ALIGN(sizeof(struct ipt_state_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_state_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{ .name = 0 }
};
-
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
-
static void
parse_string(const unsigned char *s, struct ipt_string_info *info)
{
.size = IPT_ALIGN(sizeof(struct ipt_string_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_string_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_SRCPT;
*flags |= TCP_SRC_PORTS;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_DSTPT;
*flags |= TCP_DST_PORTS;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
" allowed");
parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
*flags |= TCP_FLAGS;
- *nfcache |= NFC_IP_TCPFLAGS;
break;
case '4':
invert);
optind++;
*flags |= TCP_FLAGS;
- *nfcache |= NFC_IP_TCPFLAGS;
break;
case '5':
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_OPTION;
*flags |= TCP_OPTION;
- *nfcache |= NFC_IP_PROTO_UNKNOWN;
break;
default:
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_IP_PROTO_UNKNOWN;
-}
-
static u_int16_t
parse_tcp_mssvalue(const char *mssvalue)
{
.size = IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{
struct ipt_time_info *info = (struct ipt_time_info *)m->data;
globaldays = 0;
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
/* By default, we match on everyday */
info->days_match = 127;
/* By default, we match on every hour:min of the day */
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_IP_TOS;
-}
-
static void
parse_tos(const unsigned char *s, struct ipt_tos_info *info)
{
.size = IPT_ALIGN(sizeof(struct ipt_tos_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_tos_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
, IPTABLES_VERSION);
}
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
struct ipt_entry_match **match)
.size = IPT_ALIGN(sizeof(struct ipt_ttl_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_ttl_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
{ 0 }
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
/* shared printing code */
static void print_u32(struct ipt_u32 *data)
{
.size = IPT_ALIGN(sizeof(struct ipt_u32)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_u32)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
if (invert)
udpinfo->invflags |= IPT_UDP_INV_SRCPT;
*flags |= UDP_SRC_PORTS;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
if (invert)
udpinfo->invflags |= IPT_UDP_INV_DSTPT;
*flags |= UDP_DST_PORTS;
- *nfcache |= NFC_IP_DST_PT;
break;
default:
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
.size = IPT_ALIGN(0),
.userspacesize = IPT_ALIGN(0),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = NULL,
&& (fw.ipv6.invflags & IP6T_INV_PROTO))
exit_error(PARAMETER_PROBLEM,
"rule would never match protocol");
- fw.nfcache |= NFC_IP6_PROTO;
break;
case 's':
set_option(&options, OPT_SOURCE, &fw.ipv6.invflags,
invert);
shostnetworkmask = argv[optind-1];
- fw.nfcache |= NFC_IP6_SRC;
break;
case 'd':
set_option(&options, OPT_DESTINATION, &fw.ipv6.invflags,
invert);
dhostnetworkmask = argv[optind-1];
- fw.nfcache |= NFC_IP6_DST;
break;
case 'j':
parse_interface(argv[optind-1],
fw.ipv6.iniface,
fw.ipv6.iniface_mask);
- fw.nfcache |= NFC_IP6_IF_IN;
break;
case 'o':
parse_interface(argv[optind-1],
fw.ipv6.outiface,
fw.ipv6.outiface_mask);
- fw.nfcache |= NFC_IP6_IF_OUT;
break;
case 'v':
&& (fw.ip.invflags & IPT_INV_PROTO))
exit_error(PARAMETER_PROBLEM,
"rule would never match protocol");
- fw.nfcache |= NFC_IP_PROTO;
break;
case 's':
set_option(&options, OPT_SOURCE, &fw.ip.invflags,
invert);
shostnetworkmask = argv[optind-1];
- fw.nfcache |= NFC_IP_SRC;
break;
case 'd':
set_option(&options, OPT_DESTINATION, &fw.ip.invflags,
invert);
dhostnetworkmask = argv[optind-1];
- fw.nfcache |= NFC_IP_DST;
break;
case 'j':
strcpy(target->t->u.user.name, jumpto);
set_revision(target->t->u.user.name,
target->revision);
- target->init(target->t, &fw.nfcache);
+ if (target->init != NULL)
+ target->init(target->t, &fw.nfcache);
opts = merge_options(opts, target->extra_opts, &target->option_offset);
}
break;
parse_interface(argv[optind-1],
fw.ip.iniface,
fw.ip.iniface_mask);
- fw.nfcache |= NFC_IP_IF_IN;
break;
case 'o':
parse_interface(argv[optind-1],
fw.ip.outiface,
fw.ip.outiface_mask);
- fw.nfcache |= NFC_IP_IF_OUT;
break;
case 'f':
set_option(&options, OPT_FRAGMENT, &fw.ip.invflags,
invert);
fw.ip.flags |= IPT_F_FRAG;
- fw.nfcache |= NFC_IP_FRAG;
break;
case 'v':
m->m->u.match_size = size;
strcpy(m->m->u.user.name, m->name);
set_revision(m->m->u.user.name, m->revision);
- m->init(m->m, &fw.nfcache);
+ if (m->init != NULL)
+ m->init(m->m, &fw.nfcache);
opts = merge_options(opts, m->extra_opts, &m->option_offset);
}
break;
strcpy(m->m->u.user.name, m->name);
set_revision(m->m->u.user.name,
m->revision);
- m->init(m->m, &fw.nfcache);
+ if (m->init != NULL)
+ m->init(m->m, &fw.nfcache);
opts = merge_options(opts,
m->extra_opts, &m->option_offset);
target->t->u.target_size = size;
strcpy(target->t->u.user.name, jumpto);
set_revision(target->t->u.user.name, target->revision);
- target->init(target->t, &fw.nfcache);
+ if (target->init != NULL)
+ target->init(target->t, &fw.nfcache);
}
if (!target) {
printf("Cache: %08X ", e->nfcache);
if (e->nfcache & NFC_ALTERED) printf("ALTERED ");
if (e->nfcache & NFC_UNKNOWN) printf("UNKNOWN ");
- if (e->nfcache & NFC_IP_SRC) printf("IP_SRC ");
- if (e->nfcache & NFC_IP_DST) printf("IP_DST ");
- if (e->nfcache & NFC_IP_IF_IN) printf("IP_IF_IN ");
- if (e->nfcache & NFC_IP_IF_OUT) printf("IP_IF_OUT ");
- if (e->nfcache & NFC_IP_TOS) printf("IP_TOS ");
- if (e->nfcache & NFC_IP_PROTO) printf("IP_PROTO ");
- if (e->nfcache & NFC_IP_OPTIONS) printf("IP_OPTIONS ");
- if (e->nfcache & NFC_IP_TCPFLAGS) printf("IP_TCPFLAGS ");
- if (e->nfcache & NFC_IP_SRC_PT) printf("IP_SRC_PT ");
- if (e->nfcache & NFC_IP_DST_PT) printf("IP_DST_PT ");
- if (e->nfcache & NFC_IP_PROTO_UNKNOWN) printf("IP_PROTO_UNKNOWN ");
printf("\n");
IPT_MATCH_ITERATE(e, print_match);
printf("Cache: %08X ", e->nfcache);
if (e->nfcache & NFC_ALTERED) printf("ALTERED ");
if (e->nfcache & NFC_UNKNOWN) printf("UNKNOWN ");
- if (e->nfcache & NFC_IP6_SRC) printf("IP6_SRC ");
- if (e->nfcache & NFC_IP6_DST) printf("IP6_DST ");
- if (e->nfcache & NFC_IP6_IF_IN) printf("IP6_IF_IN ");
- if (e->nfcache & NFC_IP6_IF_OUT) printf("IP6_IF_OUT ");
- if (e->nfcache & NFC_IP6_TOS) printf("IP6_TOS ");
- if (e->nfcache & NFC_IP6_PROTO) printf("IP6_PROTO ");
- if (e->nfcache & NFC_IP6_OPTIONS) printf("IP6_OPTIONS ");
- if (e->nfcache & NFC_IP6_TCPFLAGS) printf("IP6_TCPFLAGS ");
- if (e->nfcache & NFC_IP6_SRC_PT) printf("IP6_SRC_PT ");
- if (e->nfcache & NFC_IP6_DST_PT) printf("IP6_DST_PT ");
- if (e->nfcache & NFC_IP6_PROTO_UNKNOWN) printf("IP6_PROTO_UNKNOWN ");
printf("\n");
IP6T_MATCH_ITERATE(e, print_match);
projects / thirdparty / iptables.git / commitdiff
