Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> --- ip6tables.c | 72 ++++++++++++++++++++++++++++------------------------- iptables.c | 79 ++++++++++++++++++++++++++++++---------------------------- xshared.h | 1 + 3 files changed, 80 insertions(+), 72 deletions(-) diff --git a/ip6tables.c b/ip6tables.c index c475bf2..eb28dc0 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1302,6 +1302,33 @@ static void command_default(struct iptables_command_state *cs) xtables_error(PARAMETER_PROBLEM, "Unknown arg \"%s\"", optarg); } +static void command_jump(struct iptables_command_state *cs) +{ + size_t size; + + set_option(&cs->options, OPT_JUMP, &cs->fw6.ipv6.invflags, cs->invert); + cs->jumpto = parse_target(optarg); + /* TRY_LOAD (may be chain name) */ + cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD); + + if (cs->target == NULL) + return; + + size = IP6T_ALIGN(sizeof(struct ip6t_entry_target)) + cs->target->size; + + cs->target->t = xtables_calloc(1, size); + cs->target->t->u.target_size = size; + strcpy(cs->target->t->u.user.name, cs->jumpto); + cs->target->t->u.user.revision = cs->target->revision; + if (cs->target->init != NULL) + cs->target->init(cs->target->t); + opts = xtables_merge_options(ip6tables_globals.orig_opts, opts, + cs->target->extra_opts, + &cs->target->option_offset); + if (opts == NULL) + xtables_error(OTHER_PROBLEM, "can't alloc memory!"); +} + int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **handle) { struct iptables_command_state cs; @@ -1320,10 +1347,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand struct xtables_match *m; struct xtables_rule_match *matchp; struct xtables_target *t; - const char *jumpto = ""; unsigned long long cnt; memset(&cs, 0, sizeof(cs)); + cs.jumpto = ""; cs.argv = argv; /* re-set optind to 0 in case do_command gets called @@ -1548,36 +1575,12 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand set_option(&cs.options, OPT_JUMP, &cs.fw6.ipv6.invflags, cs.invert); cs.fw6.ipv6.flags |= IP6T_F_GOTO; - jumpto = parse_target(optarg); + cs.jumpto = parse_target(optarg); break; #endif case 'j': - set_option(&cs.options, OPT_JUMP, &cs.fw6.ipv6.invflags, - cs.invert); - jumpto = parse_target(optarg); - /* TRY_LOAD (may be chain name) */ - cs.target = xtables_find_target(jumpto, XTF_TRY_LOAD); - - if (cs.target) { - size_t size; - - size = IP6T_ALIGN(sizeof(struct ip6t_entry_target)) - + cs.target->size; - - cs.target->t = xtables_calloc(1, size); - cs.target->t->u.target_size = size; - strcpy(cs.target->t->u.user.name, jumpto); - cs.target->t->u.user.revision = cs.target->revision; - if (cs.target->init != NULL) - cs.target->init(cs.target->t); - opts = xtables_merge_options(ip6tables_globals.orig_opts, opts, - cs.target->extra_opts, - &cs.target->option_offset); - if (opts == NULL) - xtables_error(OTHER_PROBLEM, - "can't alloc memory!"); - } + command_jump(&cs); break; @@ -1806,10 +1809,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand chain); } - if (cs.target && ip6tc_is_chain(jumpto, *handle)) { + if (cs.target && ip6tc_is_chain(cs.jumpto, *handle)) { fprintf(stderr, "Warning: using chain %s, not extension\n", - jumpto); + cs.jumpto); if (cs.target->t) free(cs.target->t); @@ -1820,8 +1823,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand /* If they didn't specify a target, or it's a chain name, use standard. */ if (!cs.target - && (strlen(jumpto) == 0 - || ip6tc_is_chain(jumpto, *handle))) { + && (strlen(cs.jumpto) == 0 + || ip6tc_is_chain(cs.jumpto, *handle))) { size_t size; cs.target = xtables_find_target(IP6T_STANDARD_TARGET, @@ -1831,7 +1834,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand + cs.target->size; cs.target->t = xtables_calloc(1, size); cs.target->t->u.target_size = size; - strcpy(cs.target->t->u.user.name, jumpto); + strcpy(cs.target->t->u.user.name, cs.jumpto); if (cs.target->init != NULL) cs.target->init(cs.target->t); } @@ -1844,9 +1847,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand #ifdef IP6T_F_GOTO if (cs.fw6.ipv6.flags & IP6T_F_GOTO) xtables_error(PARAMETER_PROBLEM, - "goto '%s' is not a chain\n", jumpto); + "goto '%s' is not a chain\n", + cs.jumpto); #endif - xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED); + xtables_find_target(cs.jumpto, XTF_LOAD_MUST_SUCCEED); } else { e = generate_entry(&cs.fw6, cs.matches, cs.target->t); free(cs.target->t); diff --git a/iptables.c b/iptables.c index 96732b4..354bc9c 100644 --- a/iptables.c +++ b/iptables.c @@ -1328,6 +1328,34 @@ static void command_default(struct iptables_command_state *cs) xtables_error(PARAMETER_PROBLEM, "Unknown arg \"%s\"", optarg); } +static void command_jump(struct iptables_command_state *cs) +{ + size_t size; + + set_option(&cs->options, OPT_JUMP, &cs->fw.ip.invflags, cs->invert); + cs->jumpto = parse_target(optarg); + /* TRY_LOAD (may be chain name) */ + cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD); + + if (cs->target == NULL) + return; + + size = IPT_ALIGN(sizeof(struct ipt_entry_target)) + + cs->target->size; + + cs->target->t = xtables_calloc(1, size); + cs->target->t->u.target_size = size; + strcpy(cs->target->t->u.user.name, cs->jumpto); + cs->target->t->u.user.revision = cs->target->revision; + if (cs->target->init != NULL) + cs->target->init(cs->target->t); + opts = xtables_merge_options(iptables_globals.orig_opts, opts, + cs->target->extra_opts, + &cs->target->option_offset); + if (opts == NULL) + xtables_error(OTHER_PROBLEM, "can't alloc memory!"); +} + int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle) { struct iptables_command_state cs; @@ -1346,10 +1374,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle struct xtables_match *m; struct xtables_rule_match *matchp; struct xtables_target *t; - const char *jumpto = ""; unsigned long long cnt; memset(&cs, 0, sizeof(cs)); + cs.jumpto = ""; cs.argv = argv; /* re-set optind to 0 in case do_command gets called @@ -1566,38 +1594,12 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle set_option(&cs.options, OPT_JUMP, &cs.fw.ip.invflags, cs.invert); cs.fw.ip.flags |= IPT_F_GOTO; - jumpto = parse_target(optarg); + cs.jumpto = parse_target(optarg); break; #endif case 'j': - set_option(&cs.options, OPT_JUMP, &cs.fw.ip.invflags, - cs.invert); - jumpto = parse_target(optarg); - /* TRY_LOAD (may be chain name) */ - cs.target = xtables_find_target(jumpto, XTF_TRY_LOAD); - - if (cs.target) { - size_t size; - - size = IPT_ALIGN(sizeof(struct ipt_entry_target)) - + cs.target->size; - - cs.target->t = xtables_calloc(1, size); - cs.target->t->u.target_size = size; - strcpy(cs.target->t->u.user.name, jumpto); - cs.target->t->u.user.revision = cs.target->revision; - if (cs.target->init != NULL) - cs.target->init(cs.target->t); - opts = xtables_merge_options( - iptables_globals.orig_opts, - opts, - cs.target->extra_opts, - &cs.target->option_offset); - if (opts == NULL) - xtables_error(OTHER_PROBLEM, - "can't alloc memory!"); - } + command_jump(&cs); break; @@ -1757,7 +1759,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle if (strcmp(*table, "nat") == 0 && ((policy != NULL && strcmp(policy, "DROP") == 0) || - (jumpto != NULL && strcmp(jumpto, "DROP") == 0))) + (cs.jumpto != NULL && strcmp(cs.jumpto, "DROP") == 0))) xtables_error(PARAMETER_PROBLEM, "\nThe \"nat\" table is not intended for filtering, " "the use of DROP is therefore inhibited.\n\n"); @@ -1848,10 +1850,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle chain); } - if (cs.target && iptc_is_chain(jumpto, *handle)) { + if (cs.target && iptc_is_chain(cs.jumpto, *handle)) { fprintf(stderr, "Warning: using chain %s, not extension\n", - jumpto); + cs.jumpto); if (cs.target->t) free(cs.target->t); @@ -1862,8 +1864,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle /* If they didn't specify a target, or it's a chain name, use standard. */ if (!cs.target - && (strlen(jumpto) == 0 - || iptc_is_chain(jumpto, *handle))) { + && (strlen(cs.jumpto) == 0 + || iptc_is_chain(cs.jumpto, *handle))) { size_t size; cs.target = xtables_find_target(IPT_STANDARD_TARGET, @@ -1873,8 +1875,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle + cs.target->size; cs.target->t = xtables_calloc(1, size); cs.target->t->u.target_size = size; - strcpy(cs.target->t->u.user.name, jumpto); - if (!iptc_is_chain(jumpto, *handle)) + strcpy(cs.target->t->u.user.name, cs.jumpto); + if (!iptc_is_chain(cs.jumpto, *handle)) cs.target->t->u.user.revision = cs.target->revision; if (cs.target->init != NULL) cs.target->init(cs.target->t); @@ -1888,9 +1890,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle #ifdef IPT_F_GOTO if (cs.fw.ip.flags & IPT_F_GOTO) xtables_error(PARAMETER_PROBLEM, - "goto '%s' is not a chain\n", jumpto); + "goto '%s' is not a chain\n", + cs.jumpto); #endif - xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED); + xtables_find_target(cs.jumpto, XTF_LOAD_MUST_SUCCEED); } else { e = generate_entry(&cs.fw, cs.matches, cs.target->t); free(cs.target->t); diff --git a/xshared.h b/xshared.h index d0cb516..a08e6d9 100644 --- a/xshared.h +++ b/xshared.h @@ -35,6 +35,7 @@ struct iptables_command_state { struct xtables_target *target; char *protocol; int proto_used; + const char *jumpto; char **argv; }; -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html