From 767c668628296fb3236aeeea1699ce06e66e5270 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 5 Apr 2019 13:21:19 +0200
Subject: [PATCH] xshared: Merge and share parse_chain()
Have a common routine to perform chain name checks, combining all
variants' requirements.
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 1189d830ea4fd269da87761d400ebabca02e1ef3)
Conflicts:
iptables/ip6tables.c
iptables/xshared.c
-> Context changes due to missing commit 9dc50b5b8e441
("xshared: Merge invflags handling code")
---
iptables/ip6tables.c | 26 --------------------------
iptables/iptables.c | 25 -------------------------
iptables/xshared.c | 24 ++++++++++++++++++++++++
iptables/xshared.h | 1 +
iptables/xtables.c | 9 +--------
5 files changed, 26 insertions(+), 59 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 576c2cf8b0d9f..614d1e249c06d 100644
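--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -327,32 +327,6 @@ static int is_exthdr(uint16_t proto)
 proto == IPPROTO_DSTOPTS);
 }
 
-static void
-parse_chain(const char *chainname)
-{
- const char *ptr;
-
- if (strlen(chainname) >= XT_EXTENSION_MAXNAMELEN)
- xtables_error(PARAMETER_PROBLEM,
- "chain name `%s' too long (must be under %u chars)",
- chainname, XT_EXTENSION_MAXNAMELEN);
-
- if (*chainname == '-' || *chainname == '!')
- xtables_error(PARAMETER_PROBLEM,
- "chain name not allowed to start "
- "with `%c'\n", *chainname);
-
- if (xtables_find_target(chainname, XTF_TRY_LOAD))
- xtables_error(PARAMETER_PROBLEM,
- "chain name may not clash "
- "with target name\n");
-
- for (ptr = chainname; *ptr; ptr++)
- if (isspace(*ptr))
- xtables_error(PARAMETER_PROBLEM,
- "Invalid chain name `%s'", chainname);
-}
-
 static void
 set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
 int invert)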
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 88ef6cf666d4b..3b395981cc8ea 100644
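--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -319,31 +319,6 @@ opt2char(int option)
 
 /* Christophe Burki wants `-p 6' to imply `-m tcp'. */
 
-static void
-parse_chain(const char *chainname)
-{
- const char *ptr;
-
- if (strlen(chainname) >= XT_EXTENSION_MAXNAMELEN)
- xtables_error(PARAMETER_PROBLEM,
- "chain name `%s' too long (must be under %u chars)",
- chainname, XT_EXTENSION_MAXNAMELEN);
-
- if (*chainname == '-' || *chainname == '!')
- xtables_error(PARAMETER_PROBLEM,
- "chain name not allowed to start "
- "with `%c'\n", *chainname);
-
- if (xtables_find_target(chainname, XTF_TRY_LOAD))
- xtables_error(PARAMETER_PROBLEM,
- "chain name may not clash "
- "with target name\n");
-
- for (ptr = chainname; *ptr; ptr++)
- if (isspace(*ptr))
- xtables_error(PARAMETER_PROBLEM,
- "Invalid chain name `%s'", chainname);
-}
 
 static void
 set_option(unsigned int *options, unsigned int option, uint8_t *invflg,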
diff --git a/iptables/xshared.c b/iptables/xshared.c
index dcc995a9cabe6..de8326b6c7b05 100644
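--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -775,3 +775,27 @@ int parse_rulenumber(const char *rule)
 
 return rulenum;
 }
+
+void parse_chain(const char *chainname)
+{
+ const char *ptr;
+
+ if (strlen(chainname) >= XT_EXTENSION_MAXNAMELEN)
+ xtables_error(PARAMETER_PROBLEM,
+ "chain name `%s' too long (must be under %u chars)",
+ chainname, XT_EXTENSION_MAXNAMELEN);
+
+ if (*chainname == '-' || *chainname == '!')
+ xtables_error(PARAMETER_PROBLEM,
+ "chain name not allowed to start with `%c'\n",
+ *chainname);
+
+ if (xtables_find_target(chainname, XTF_TRY_LOAD))
+ xtables_error(PARAMETER_PROBLEM,
+ "chain name may not clash with target name\n");
+
+ for (ptr = chainname; *ptr; ptr++)
+ if (isspace(*ptr))
+ xtables_error(PARAMETER_PROBLEM,
+ "Invalid chain name `%s'", chainname);
+}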
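Review bot: `isspace(*ptr)` in the final loop of parse_chain() is handed a plain `char`, so where `char` is signed a chain name containing bytes above 0x7f reaches isspace() as a negative value, which is undefined behaviour; cast first, `if (isspace((unsigned char)*ptr))`. The name comes straight from the command line (the xtables.c caller in this commit passes `optarg`), so non-ASCII input is reachable. Now that the function is exported through xshared.h it also deserves a short header comment stating what it rejects (names of XT_EXTENSION_MAXNAMELEN or more characters, a leading `-` or `!`, a clash with a target name, any whitespace) and that failures are reported through xtables_error().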
diff --git a/iptables/xshared.h b/iptables/xshared.h
index e4015c00e2a35..f5d2f8d0a2bc5 100644
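--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -217,5 +217,6 @@ char cmd2char(int option);
 void add_command(unsigned int *cmd, const int newcmd,
 const int othercmds, int invert);
 int parse_rulenumber(const char *rule);
+void parse_chain(const char *chainname);
 
 #endif /* IPTABLES_XSHARED_H */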
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 8c2d21d42b7d2..3ea293ee7c411 100644
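--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -668,14 +668,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 break;
 
 case 'N':
- if (optarg && (*optarg == '-' || *optarg == '!'))
- xtables_error(PARAMETER_PROBLEM,
- "chain name not allowed to start "
- "with `%c'\n", *optarg);
- if (xtables_find_target(optarg, XTF_TRY_LOAD))
- xtables_error(PARAMETER_PROBLEM,
- "chain name may not clash "
- "with target name\n");
+ parse_chain(optarg);
 add_command(&p->command, CMD_NEW_CHAIN, CMD_NONE,
 cs->invert);
 p->chain = optarg;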
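Review bot: The `optarg &&` guard from the removed first check has no counterpart in the new `parse_chain(optarg);` call, and parse_chain() as added to xshared.c starts with `strlen(chainname)` without a NULL test. Whether `optarg` can be NULL at `case 'N':` depends on the option string, which lies outside this hunk, so this may be unreachable; if the guard was deliberate, an explicit `if (!chainname)` rejection at the top of parse_chain() would keep it for all callers. do_parse() starts and ends outside the hunk.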
--
2.34.1