[PATCH 19/21] libxt_range match, revision 0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Move libipt_range to libxt_range.

Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>

---
 extensions/Makefile                        |    2 
 extensions/libipt_iprange.c                |  175 -----------------------------
 extensions/libipt_iprange.man              |    7 -
 extensions/libxt_iprange.c                 |  168 +++++++++++++++++++++++++++
 extensions/libxt_iprange.man               |    7 +
 include/linux/netfilter/xt_iprange.h       |   17 ++
 include/linux/netfilter_ipv4/ipt_iprange.h |    8 -
 7 files changed, 196 insertions(+), 188 deletions(-)

Index: iptables-modules/extensions/Makefile
===================================================================
--- iptables-modules.orig/extensions/Makefile
+++ iptables-modules/extensions/Makefile
@@ -23,7 +23,6 @@ PF_EXT_SLIB += addrtype
 PF_EXT_SLIB += ah
 PF_EXT_SLIB += ecn
 PF_EXT_SLIB += icmp
-PF_EXT_SLIB += iprange
 PF_EXT_SLIB += policy
 PF_EXT_SLIB += realm
 PF_EXT_SLIB += recent
@@ -67,6 +66,7 @@ PFX_EXT_SLIB += dscp
 PFX_EXT_SLIB += esp
 PFX_EXT_SLIB += hashlimit
 PFX_EXT_SLIB += helper
+PFX_EXT_SLIB += iprange
 PFX_EXT_SLIB += length
 PFX_EXT_SLIB += limit
 PFX_EXT_SLIB += mac
Index: iptables-modules/extensions/libipt_iprange.c
===================================================================
--- iptables-modules.orig/extensions/libipt_iprange.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/* Shared library add-on to iptables to add IP range matching support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
-#include <iptables.h>
-#include <linux/netfilter_ipv4/ipt_iprange.h>
-
-/* Function which prints out usage message. */
-static void iprange_help(void)
-{
-	printf(
-"iprange match v%s options:\n"
-"[!] --src-range ip-ip        Match source IP in the specified range\n"
-"[!] --dst-range ip-ip        Match destination IP in the specified range\n"
-"\n",
-IPTABLES_VERSION);
-}
-
-static const struct option iprange_opts[] = {
-	{ "src-range", 1, NULL, '1' },
-	{ "dst-range", 1, NULL, '2' },
-	{ }
-};
-
-static void
-parse_iprange(char *arg, struct ipt_iprange *range)
-{
-	char *dash;
-	const struct in_addr *ip;
-
-	dash = strchr(arg, '-');
-	if (dash)
-		*dash = '\0';
-		
-	ip = numeric_to_ipaddr(arg);
-	if (!ip)
-		exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n", 
-			   arg);
-	range->min_ip = ip->s_addr;
-
-	if (dash) {
-		ip = numeric_to_ipaddr(dash+1);
-		if (!ip)
-			exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
-				   dash+1);
-		range->max_ip = ip->s_addr;
-	} else
-		range->max_ip = range->min_ip;
-}
-
-/* Function which parses command options; returns true if it
-   ate an option */
-static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
-                         const void *entry, struct xt_entry_match **match)
-{
-	struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags & IPRANGE_SRC)
-			exit_error(PARAMETER_PROBLEM,
-				   "iprange match: Only use --src-range ONCE!");
-		*flags |= IPRANGE_SRC;
-
-		info->flags |= IPRANGE_SRC;
-		check_inverse(optarg, &invert, &optind, 0);
-		if (invert) {
-			info->flags |= IPRANGE_SRC_INV;
-		}
-		parse_iprange(optarg, &info->src);		
-
-		break;
-
-	case '2':
-		if (*flags & IPRANGE_DST)
-			exit_error(PARAMETER_PROBLEM,
-				   "iprange match: Only use --dst-range ONCE!");
-		*flags |= IPRANGE_DST;
-
-		info->flags |= IPRANGE_DST;
-		check_inverse(optarg, &invert, &optind, 0);
-		if (invert)
-			info->flags |= IPRANGE_DST_INV;
-
-		parse_iprange(optarg, &info->dst);		
-
-		break;
-
-	default:
-		return 0;
-	}
-	return 1;
-}
-
-/* Final check; must have specified --src-range or --dst-range. */
-static void iprange_check(unsigned int flags)
-{
-	if (!flags)
-		exit_error(PARAMETER_PROBLEM,
-			   "iprange match: You must specify `--src-range' or `--dst-range'");
-}
-
-static void
-print_iprange(const struct ipt_iprange *range)
-{
-	const unsigned char *byte_min, *byte_max;
-
-	byte_min = (const unsigned char *) &(range->min_ip);
-	byte_max = (const unsigned char *) &(range->max_ip);
-	printf("%d.%d.%d.%d-%d.%d.%d.%d ", 
-		byte_min[0], byte_min[1], byte_min[2], byte_min[3],
-		byte_max[0], byte_max[1], byte_max[2], byte_max[3]);
-}
-
-/* Prints out the info. */
-static void iprange_print(const void *ip, const struct xt_entry_match *match,
-                          int numeric)
-{
-	struct ipt_iprange_info *info = (struct ipt_iprange_info *)match->data;
-
-	if (info->flags & IPRANGE_SRC) {
-		printf("source IP range ");
-		if (info->flags & IPRANGE_SRC_INV)
-			printf("! ");
-		print_iprange(&info->src);
-	}
-	if (info->flags & IPRANGE_DST) {
-		printf("destination IP range ");
-		if (info->flags & IPRANGE_DST_INV)
-			printf("! ");
-		print_iprange(&info->dst);
-	}
-}
-
-/* Saves the union ipt_info in parsable form to stdout. */
-static void iprange_save(const void *ip, const struct xt_entry_match *match)
-{
-	struct ipt_iprange_info *info = (struct ipt_iprange_info *)match->data;
-
-	if (info->flags & IPRANGE_SRC) {
-		if (info->flags & IPRANGE_SRC_INV)
-			printf("! ");
-		printf("--src-range ");
-		print_iprange(&info->src);
-		if (info->flags & IPRANGE_DST)
-			fputc(' ', stdout);
-	}
-	if (info->flags & IPRANGE_DST) {
-		if (info->flags & IPRANGE_DST_INV)
-			printf("! ");
-		printf("--dst-range ");
-		print_iprange(&info->dst);
-	}
-}
-
-static struct iptables_match iprange_match = {
-	.name		= "iprange",
-	.version	= IPTABLES_VERSION,
-	.size		= IPT_ALIGN(sizeof(struct ipt_iprange_info)),
-	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_iprange_info)),
-	.help		= iprange_help,
-	.parse		= iprange_parse,
-	.final_check	= iprange_check,
-	.print		= iprange_print,
-	.save		= iprange_save,
-	.extra_opts	= iprange_opts,
-};
-
-void _init(void)
-{
-	register_match(&iprange_match);
-}
Index: iptables-modules/extensions/libipt_iprange.man
===================================================================
--- iptables-modules.orig/extensions/libipt_iprange.man
+++ /dev/null
@@ -1,7 +0,0 @@
-This matches on a given arbitrary range of IPv4 addresses
-.TP
-.BI "[!]" "--src-range " "ip-ip"
-Match source IP in the specified range.
-.TP
-.BI "[!]" "--dst-range " "ip-ip"
-Match destination IP in the specified range.
Index: iptables-modules/extensions/libxt_iprange.c
===================================================================
--- /dev/null
+++ iptables-modules/extensions/libxt_iprange.c
@@ -0,0 +1,168 @@
+/* Shared library add-on to iptables to add IP range matching support. */
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <iptables.h>
+#include <linux/netfilter_ipv4/ipt_iprange.h>
+
+static void iprange_help(void)
+{
+	printf(
+"iprange match options:\n"
+"[!] --src-range ip-ip        Match source IP in the specified range\n"
+"[!] --dst-range ip-ip        Match destination IP in the specified range\n"
+"\n");
+}
+
+static const struct option iprange_opts[] = {
+	{.name = "src-range", .has_arg = true, .val = '1'},
+	{.name = "dst-range", .has_arg = true, .val = '2'},
+	{},
+};
+
+static void
+parse_iprange(char *arg, struct ipt_iprange *range)
+{
+	char *dash;
+	const struct in_addr *ip;
+
+	dash = strchr(arg, '-');
+	if (dash != NULL)
+		*dash = '\0';
+
+	ip = numeric_to_ipaddr(arg);
+	if (ip != NULL)
+		exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
+			   arg);
+	range->min_ip = ip->s_addr;
+
+	if (dash != NULL) {
+		ip = numeric_to_ipaddr(dash+1);
+		if (ip != NULL)
+			exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
+				   dash+1);
+		range->max_ip = ip->s_addr;
+	} else {
+		range->max_ip = range->min_ip;
+	}
+}
+
+static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
+                         const void *entry, struct xt_entry_match **match)
+{
+	struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data;
+
+	switch (c) {
+	case '1':
+		if (*flags & IPRANGE_SRC)
+			exit_error(PARAMETER_PROBLEM,
+				   "iprange match: Only use --src-range ONCE!");
+		*flags |= IPRANGE_SRC;
+
+		info->flags |= IPRANGE_SRC;
+		check_inverse(optarg, &invert, &optind, 0);
+		if (invert)
+			info->flags |= IPRANGE_SRC_INV;
+		parse_iprange(optarg, &info->src);
+
+		break;
+
+	case '2':
+		if (*flags & IPRANGE_DST)
+			exit_error(PARAMETER_PROBLEM,
+				   "iprange match: Only use --dst-range ONCE!");
+		*flags |= IPRANGE_DST;
+
+		info->flags |= IPRANGE_DST;
+		check_inverse(optarg, &invert, &optind, 0);
+		if (invert)
+			info->flags |= IPRANGE_DST_INV;
+
+		parse_iprange(optarg, &info->dst);
+
+		break;
+
+	default:
+		return 0;
+	}
+	return 1;
+}
+
+static void iprange_check(unsigned int flags)
+{
+	if (flags == 0)
+		exit_error(PARAMETER_PROBLEM,
+			   "iprange match: You must specify `--src-range' or `--dst-range'");
+}
+
+static void
+print_iprange(const struct ipt_iprange *range)
+{
+	const unsigned char *byte_min, *byte_max;
+
+	byte_min = (const unsigned char *)&range->min_ip;
+	byte_max = (const unsigned char *)&range->max_ip;
+	printf("%u.%u.%u.%u-%u.%u.%u.%u ",
+		byte_min[0], byte_min[1], byte_min[2], byte_min[3],
+		byte_max[0], byte_max[1], byte_max[2], byte_max[3]);
+}
+
+static void iprange_print(const void *ip, const struct xt_entry_match *match,
+                          int numeric)
+{
+	const struct ipt_iprange_info *info = (const void *)match->data;
+
+	if (info->flags & IPRANGE_SRC) {
+		printf("source IP range ");
+		if (info->flags & IPRANGE_SRC_INV)
+			printf("! ");
+		print_iprange(&info->src);
+	}
+	if (info->flags & IPRANGE_DST) {
+		printf("destination IP range ");
+		if (info->flags & IPRANGE_DST_INV)
+			printf("! ");
+		print_iprange(&info->dst);
+	}
+}
+
+static void iprange_save(const void *ip, const struct xt_entry_match *match)
+{
+	const struct ipt_iprange_info *info = (const void *)match->data;
+
+	if (info->flags & IPRANGE_SRC) {
+		if (info->flags & IPRANGE_SRC_INV)
+			printf("! ");
+		printf("--src-range ");
+		print_iprange(&info->src);
+		if (info->flags & IPRANGE_DST)
+			fputc(' ', stdout);
+	}
+	if (info->flags & IPRANGE_DST) {
+		if (info->flags & IPRANGE_DST_INV)
+			printf("! ");
+		printf("--dst-range ");
+		print_iprange(&info->dst);
+	}
+}
+
+static struct iptables_match iprange_match = {
+	.name		= "iprange",
+	.version	= IPTABLES_VERSION,
+	.size		= IPT_ALIGN(sizeof(struct ipt_iprange_info)),
+	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_iprange_info)),
+	.help		= iprange_help,
+	.parse		= iprange_parse,
+	.final_check	= iprange_check,
+	.print		= iprange_print,
+	.save		= iprange_save,
+	.extra_opts	= iprange_opts,
+};
+
+void _init(void)
+{
+	register_match(&iprange_match);
+}
Index: iptables-modules/extensions/libxt_iprange.man
===================================================================
--- /dev/null
+++ iptables-modules/extensions/libxt_iprange.man
@@ -0,0 +1,7 @@
+This matches on a given arbitrary range of IP addresses.
+.TP
+[\fB!\fR] \fB--src-range\fR \fIfrom\fR-\fIto\fR
+Match source IP in the specified range.
+.TP
+[\fB!\fR] \fB--dst-range\fR \fIfrom\fR-\fIto\fR
+Match destination IP in the specified range.
Index: iptables-modules/include/linux/netfilter/xt_iprange.h
===================================================================
--- /dev/null
+++ iptables-modules/include/linux/netfilter/xt_iprange.h
@@ -0,0 +1,17 @@
+#ifndef _LINUX_NETFILTER_XT_IPRANGE_H
+#define _LINUX_NETFILTER_XT_IPRANGE_H 1
+
+enum {
+	IPRANGE_SRC     = 1 << 0,	/* match source IP address */
+	IPRANGE_DST     = 1 << 1,	/* match destination IP address */
+	IPRANGE_SRC_INV = 1 << 4,	/* negate the condition */
+	IPRANGE_DST_INV = 1 << 5,	/* -"- */
+};
+
+struct xt_iprange_mtinfo {
+	union nf_inet_addr src_min, src_max;
+	union nf_inet_addr dst_min, dst_max;
+	u_int8_t flags;
+};
+
+#endif /* _LINUX_NETFILTER_XT_IPRANGE_H */
Index: iptables-modules/include/linux/netfilter_ipv4/ipt_iprange.h
===================================================================
--- iptables-modules.orig/include/linux/netfilter_ipv4/ipt_iprange.h
+++ iptables-modules/include/linux/netfilter_ipv4/ipt_iprange.h
@@ -1,14 +1,12 @@
 #ifndef _IPT_IPRANGE_H
 #define _IPT_IPRANGE_H
 
-#define IPRANGE_SRC		0x01	/* Match source IP address */
-#define IPRANGE_DST		0x02	/* Match destination IP address */
-#define IPRANGE_SRC_INV		0x10	/* Negate the condition */
-#define IPRANGE_DST_INV		0x20	/* Negate the condition */
+#include <linux/types.h>
+#include <linux/netfilter/xt_iprange.h>
 
 struct ipt_iprange {
 	/* Inclusive: network order. */
-	u_int32_t min_ip, max_ip;
+	__be32 min_ip, max_ip;
 };
 
 struct ipt_iprange_info
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux