diff options
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/libct_proto_icmp.c | 2 | ||||
| -rw-r--r-- | extensions/libct_proto_icmpv6.c | 7 | ||||
| -rw-r--r-- | extensions/libct_proto_tcp.c | 52 | ||||
| -rw-r--r-- | extensions/libct_proto_udp.c | 52 |
4 files changed, 56 insertions, 57 deletions
diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c index 51366f1..3a346ed 100644 --- a/extensions/libct_proto_icmp.c +++ b/extensions/libct_proto_icmp.c @@ -103,7 +103,7 @@ static void final_check(unsigned int flags, generic_opt_check(flags, ICMP_NUMBER_OF_OPT, icmp_commands_v_options[cmd], - icmp_optflags); + icmp_optflags, NULL, 0, NULL); } static struct ctproto_handler icmp = { diff --git a/extensions/libct_proto_icmpv6.c b/extensions/libct_proto_icmpv6.c index cfc5979..070eb7f 100644 --- a/extensions/libct_proto_icmpv6.c +++ b/extensions/libct_proto_icmpv6.c @@ -103,10 +103,9 @@ static void final_check(unsigned int flags, unsigned int cmd, struct nf_conntrack *ct) { - generic_opt_check(flags, - ICMPV6_NUMBER_OF_OPT, - icmpv6_commands_v_options[cmd], - icmpv6_optflags); + generic_opt_check(flags, ICMPV6_NUMBER_OF_OPT, + icmpv6_commands_v_options[cmd], icmpv6_optflags, + NULL, 0, NULL); } static struct ctproto_handler icmpv6 = { diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c index 30d7229..ac54ac7 100644 --- a/extensions/libct_proto_tcp.c +++ b/extensions/libct_proto_tcp.c @@ -56,10 +56,10 @@ static char tcp_commands_v_options[NUMBER_OF_CMD][TCP_NUMBER_OF_OPT] = { /* 1 2 3 4 5 6 7 8 9 */ /*CT_LIST*/ {2,2,2,2,0,0,2,0,0}, -/*CT_CREATE*/ {2,2,2,2,0,0,1,0,0}, +/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0}, /*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0}, /*CT_DELETE*/ {2,2,2,2,0,0,2,0,0}, -/*CT_GET*/ {2,2,2,2,0,0,2,0,0}, +/*CT_GET*/ {3,3,3,3,0,0,2,0,0}, /*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0}, /*CT_EVENT*/ {2,2,2,2,0,0,2,0,0}, /*CT_VERSION*/ {0,0,0,0,0,0,0,0,0}, @@ -172,36 +172,36 @@ static int parse_options(char c, return 1; } +#define TCP_VALID_FLAGS_MAX 2 +static unsigned int tcp_valid_flags[TCP_VALID_FLAGS_MAX] = { + CT_TCP_ORIG_SPORT | CT_TCP_ORIG_DPORT, + CT_TCP_REPL_SPORT | CT_TCP_REPL_DPORT, +}; + static void final_check(unsigned int flags, unsigned int cmd, struct nf_conntrack *ct) { - if ((1 << cmd) & (CT_CREATE|CT_GET)) { - if (!(flags & CT_TCP_ORIG_SPORT) && - (flags & CT_TCP_ORIG_DPORT)) { - exit_error(PARAMETER_PROBLEM, - "missing `--sport'"); - } - if ((flags & CT_TCP_ORIG_SPORT) && - !(flags & CT_TCP_ORIG_DPORT)) { - exit_error(PARAMETER_PROBLEM, - "missing `--dport'"); - } - if (!(flags & CT_TCP_REPL_SPORT) && - (flags & CT_TCP_REPL_DPORT)) { - exit_error(PARAMETER_PROBLEM, - "missing `--reply-port-src'"); - } - if ((flags & CT_TCP_REPL_SPORT) && - !(flags & CT_TCP_REPL_DPORT)) { - exit_error(PARAMETER_PROBLEM, - "missing `--reply-port-dst'"); + int ret, partial; + + ret = generic_opt_check(flags, TCP_NUMBER_OF_OPT, + tcp_commands_v_options[cmd], tcp_optflags, + tcp_valid_flags, TCP_VALID_FLAGS_MAX, &partial); + if (!ret) { + switch(partial) { + case -1: + case 0: + exit_error(PARAMETER_PROBLEM, "you have to specify " + "`--sport' and " + "`--dport'"); + break; + case 1: + exit_error(PARAMETER_PROBLEM, "you have to specify " + "`--reply-src-port' and " + "`--reply-dst-port'"); + break; } } - generic_opt_check(flags, - TCP_NUMBER_OF_OPT, - tcp_commands_v_options[cmd], - tcp_optflags); } static struct ctproto_handler tcp = { diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c index 4f34e3b..d7c4da1 100644 --- a/extensions/libct_proto_udp.c +++ b/extensions/libct_proto_udp.c @@ -64,10 +64,10 @@ static char udp_commands_v_options[NUMBER_OF_CMD][UDP_NUMBER_OF_OPT] = { /* 1 2 3 4 5 6 7 8 */ /*CT_LIST*/ {2,2,2,2,0,0,0,0}, -/*CT_CREATE*/ {2,2,2,2,0,0,0,0}, +/*CT_CREATE*/ {3,3,3,3,0,0,0,0}, /*CT_UPDATE*/ {2,2,2,2,0,0,0,0}, /*CT_DELETE*/ {2,2,2,2,0,0,0,0}, -/*CT_GET*/ {2,2,2,2,0,0,0,0}, +/*CT_GET*/ {3,3,3,3,0,0,0,0}, /*CT_FLUSH*/ {0,0,0,0,0,0,0,0}, /*CT_EVENT*/ {2,2,2,2,0,0,0,0}, /*CT_VERSION*/ {0,0,0,0,0,0,0,0}, @@ -144,36 +144,36 @@ static int parse_options(char c, return 1; } +#define UDP_VALID_FLAGS_MAX 2 +static unsigned int udp_valid_flags[UDP_VALID_FLAGS_MAX] = { + CT_UDP_ORIG_SPORT | CT_UDP_ORIG_DPORT, + CT_UDP_REPL_SPORT | CT_UDP_REPL_DPORT, +}; + static void final_check(unsigned int flags, unsigned int cmd, struct nf_conntrack *ct) { - if ((1 << cmd) & (CT_CREATE|CT_GET)) { - if (!(flags & CT_UDP_ORIG_SPORT) && - (flags & CT_UDP_ORIG_DPORT)) { - exit_error(PARAMETER_PROBLEM, - "missing `--sport'"); - } - if ((flags & CT_UDP_ORIG_SPORT) && - !(flags & CT_UDP_ORIG_DPORT)) { - exit_error(PARAMETER_PROBLEM, - "missing `--dport'"); - } - if (!(flags & CT_UDP_REPL_SPORT) && - (flags & CT_UDP_REPL_DPORT)) { - exit_error(PARAMETER_PROBLEM, - "missing `--reply-port-src'"); - } - if ((flags & CT_UDP_REPL_SPORT) && - !(flags & CT_UDP_REPL_DPORT)) { - exit_error(PARAMETER_PROBLEM, - "missing `--reply-port-dst'"); + int ret, partial; + + ret = generic_opt_check(flags, UDP_NUMBER_OF_OPT, + udp_commands_v_options[cmd], udp_optflags, + udp_valid_flags, UDP_VALID_FLAGS_MAX, &partial); + if (!ret) { + switch(partial) { + case -1: + case 0: + exit_error(PARAMETER_PROBLEM, "you have to specify " + "`--sport' and " + "`--dport'"); + break; + case 1: + exit_error(PARAMETER_PROBLEM, "you have to specify " + "`--reply-src-port' and " + "`--reply-dst-port'"); + break; } } - generic_opt_check(flags, - UDP_NUMBER_OF_OPT, - udp_commands_v_options[cmd], - udp_optflags); } static struct ctproto_handler udp = { |