Yasuyuki KOZAKAI | 5208806 | 2007-07-24 05:44:11 +0000 | [diff] [blame] | 1 | /* |
| 2 | * (C) 2000-2006 by the netfilter coreteam <coreteam@netfilter.org>: |
| 3 | * |
| 4 | * This program is free software; you can redistribute it and/or modify |
| 5 | * it under the terms of the GNU General Public License as published by |
| 6 | * the Free Software Foundation; either version 2 of the License, or |
| 7 | * (at your option) any later version. |
| 8 | * |
| 9 | * This program is distributed in the hope that it will be useful, |
| 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | * GNU General Public License for more details. |
| 13 | * |
| 14 | * You should have received a copy of the GNU General Public License |
| 15 | * along with this program; if not, write to the Free Software |
| 16 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| 17 | */ |
| 18 | |
Yasuyuki KOZAKAI | 0b82e8e | 2007-07-24 05:47:40 +0000 | [diff] [blame] | 19 | #include <dlfcn.h> |
Yasuyuki KOZAKAI | 3dfa448 | 2007-07-24 05:45:33 +0000 | [diff] [blame] | 20 | #include <errno.h> |
Yasuyuki KOZAKAI | 0b82e8e | 2007-07-24 05:47:40 +0000 | [diff] [blame] | 21 | #include <fcntl.h> |
Yasuyuki KOZAKAI | 04f8c54 | 2007-07-24 05:53:48 +0000 | [diff] [blame] | 22 | #include <netdb.h> |
Yasuyuki KOZAKAI | 3dfa448 | 2007-07-24 05:45:33 +0000 | [diff] [blame] | 23 | #include <stdio.h> |
| 24 | #include <stdlib.h> |
Yasuyuki KOZAKAI | 0b82e8e | 2007-07-24 05:47:40 +0000 | [diff] [blame] | 25 | #include <string.h> |
| 26 | #include <unistd.h> |
Yasuyuki KOZAKAI | 0d502bc | 2007-07-24 05:52:07 +0000 | [diff] [blame] | 27 | #include <sys/socket.h> |
Yasuyuki KOZAKAI | 0b82e8e | 2007-07-24 05:47:40 +0000 | [diff] [blame] | 28 | #include <sys/stat.h> |
| 29 | #include <sys/types.h> |
| 30 | #include <sys/wait.h> |
Yasuyuki KOZAKAI | 3dfa448 | 2007-07-24 05:45:33 +0000 | [diff] [blame] | 31 | |
Yasuyuki KOZAKAI | 5208806 | 2007-07-24 05:44:11 +0000 | [diff] [blame] | 32 | #include <xtables.h> |
Yasuyuki KOZAKAI | 3dfa448 | 2007-07-24 05:45:33 +0000 | [diff] [blame] | 33 | |
/* Protocol family values at or above this limit are rejected when an
 * extension registers itself (see the xtables_register_* functions). */
#define NPROTO 255

/* procfs file that get_modprobe() reads to learn the module loader path.
 * The #ifndef lets the build override it. */
#ifndef PROC_SYS_MODPROBE
#define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
#endif

/* Directory from which find_match()/find_target() dlopen() extension
 * shared objects. It is not assigned anywhere in this part of the file. */
char *lib_dir;

/* the path to command to load kernel module.
 * NULL makes xtables_insmod() read the path from PROC_SYS_MODPROBE.
 * xtables_insmod() and load_xtables_ko() take a parameter of the same
 * name, which shadows this global inside those functions. */
const char *modprobe = NULL;

/* Keeping track of external matches and targets: linked lists. */
struct xtables_match *xtables_matches;
struct xtables_target *xtables_targets;
| 48 | |
/*
 * calloc() wrapper that never hands NULL back to the caller: when the
 * allocation fails the error is reported with perror() and the process
 * exits with status 1.
 */
void *fw_calloc(size_t count, size_t size)
{
	void *mem = calloc(count, size);

	if (mem != NULL)
		return mem;

	perror("ip[6]tables: calloc failed");
	exit(1);
}
| 60 | |
/*
 * malloc() wrapper that never hands NULL back to the caller: when the
 * allocation fails the error is reported with perror() and the process
 * exits with status 1.
 */
void *fw_malloc(size_t size)
{
	void *mem = malloc(size);

	if (mem != NULL)
		return mem;

	perror("ip[6]tables: malloc failed");
	exit(1);
}
Yasuyuki KOZAKAI | 0b82e8e | 2007-07-24 05:47:40 +0000 | [diff] [blame] | 72 | |
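/*
 * Read the module loader path from PROC_SYS_MODPROBE.
 *
 * Returns a malloc()ed, NUL-terminated string with one trailing newline
 * stripped; the caller owns it and must free() it.  Returns NULL when the
 * file cannot be opened or read, when it yields no path at all, or when
 * the read fills the whole buffer (the value may then be truncated and
 * has no terminator).
 *
 * xtables_insmod() passes the returned string to execv(), so a short or
 * empty read must never be turned into a path by accident.
 */
static char *get_modprobe(void)
{
	int procfile;
	char *ret;
	ssize_t nread;
	size_t len;

#define PROCFILE_BUFSIZ 1024
	procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
	if (procfile < 0)
		return NULL;

	ret = malloc(PROCFILE_BUFSIZ);
	if (ret == NULL)
		goto fail;
	/* Zero-fill so whatever read() stores is always NUL-terminated. */
	memset(ret, 0, PROCFILE_BUFSIZ);

	nread = read(procfile, ret, PROCFILE_BUFSIZ);
	/* -1: error.  0: empty file.  Full buffer: no room for the NUL. */
	if (nread <= 0 || nread == PROCFILE_BUFSIZ)
		goto fail;

	/* An empty string would make ret[len - 1] index before the buffer. */
	len = strlen(ret);
	if (len == 0)
		goto fail;
	if (ret[len - 1] == '\n')
		ret[--len] = '\0';
	/* Only a newline was present: no loader is configured. */
	if (len == 0)
		goto fail;

	close(procfile);
	return ret;

 fail:
	free(ret);
	close(procfile);
	return NULL;
}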
| 100 | |
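/*
 * Load kernel module `modname' by running the module loader.
 *
 * modname:  module name, passed to the loader as a single argv element
 *           (no shell is involved).
 * modprobe: path of the loader to execv(); when NULL the path is read
 *           with get_modprobe().  This parameter shadows the file-scope
 *           `modprobe' variable.
 * quiet:    non-zero appends "-q" to the loader's arguments.
 *
 * Returns 0 when the loader exited with status 0, -1 otherwise (no loader
 * path, fork() failure, wait failure, non-zero or abnormal exit).
 */
int xtables_insmod(const char *modname, const char *modprobe, int quiet)
{
	char *buf = NULL;
	char *argv[4];
	int status = 0;
	pid_t pid, waited;

	/* If they don't explicitly set it, read out of kernel */
	if (!modprobe) {
		buf = get_modprobe();
		if (!buf)
			return -1;
		modprobe = buf;
	}

	pid = fork();
	if (pid == -1) {
		/* Do not leak the path read from procfs on this error path. */
		free(buf);
		return -1;
	}

	if (pid == 0) {
		argv[0] = (char *)modprobe;
		argv[1] = (char *)modname;
		argv[2] = quiet ? "-q" : NULL;
		argv[3] = NULL;
		execv(argv[0], argv);

		/* Only reached when execv() failed.  _exit() keeps the child
		 * from flushing stdio buffers inherited from the parent and
		 * from running the parent's atexit handlers. */
		_exit(1);
	}

	/* Wait for this child only, so the status of an unrelated child is
	 * never taken for the loader's, and retry when interrupted. */
	do {
		waited = waitpid(pid, &status, 0);
	} while (waited == -1 && errno == EINTR);

	free(buf);
	if (waited == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0)
		return 0;
	return -1;
}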
| 142 | |
/*
 * Load the kernel module named by afinfo.kmod, at most once per process
 * after it has succeeded.
 *
 * The outcome is kept in function-local statics: once a load returned 0,
 * later calls return that cached 0 without running the loader again; a
 * failed load is retried on the next call.
 *
 * Returns the result of xtables_insmod() (0 on success, -1 on failure).
 */
int load_xtables_ko(const char *modprobe, int quiet)
{
	static int loaded = 0;
	static int ret = -1;

	if (loaded)
		return ret;

	ret = xtables_insmod(afinfo.kmod, modprobe, quiet);
	loaded = (ret == 0);
	return ret;
}
| 155 | |
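/*
 * Parse `s' as an unsigned number (decimal, 0x hex or 0 octal) and check
 * that it lies within [min, max].
 *
 * s:   string to parse; the whole string must be consumed.
 * min: smallest accepted value.
 * max: largest accepted value; 0 means "no upper limit".
 * ret: receives the value on success, untouched on failure.
 *
 * Returns 0 on success, -1 when `s' is not a number, is negative,
 * overflows unsigned long long, or is out of range.
 */
int string_to_number_ll(const char *s, unsigned long long min,
			unsigned long long max, unsigned long long *ret)
{
	unsigned long long number;
	const char *first;
	char *end;

	/* strtoull() accepts a leading minus sign and returns the negated
	 * value as a huge unsigned number without setting ERANGE, so "-1"
	 * would pass whenever no upper limit is given.  Reject it here,
	 * after the same leading whitespace strtoull() skips (C locale). */
	first = s + strspn(s, " \t\n\v\f\r");
	if (*first == '-')
		return -1;

	/* Handle hex, octal, etc. */
	errno = 0;
	number = strtoull(s, &end, 0);
	if (end == s || *end != '\0')
		return -1;

	/* we parsed a number, let's see if we want this */
	if (errno == ERANGE || number < min || (max && number > max))
		return -1;

	*ret = number;
	return 0;
}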
| 174 | |
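/*
 * unsigned long variant of string_to_number_ll().
 *
 * s:   string to parse.
 * min: smallest accepted value.
 * max: largest accepted value; 0 means "no caller limit", in which case
 *      the value must still fit in an unsigned long.
 * ret: receives the value on success, untouched on failure.
 *
 * Returns 0 on success, -1 on failure.
 */
int string_to_number_l(const char *s, unsigned long min, unsigned long max,
		       unsigned long *ret)
{
	unsigned long long number;

	/* Without a limit, a value wider than unsigned long would be
	 * accepted and then silently truncated by the cast below. */
	if (max == 0)
		max = ~0UL;

	/* On failure `number' is never written, so do not copy it out. */
	if (string_to_number_ll(s, min, max, &number) != 0)
		return -1;

	*ret = (unsigned long)number;
	return 0;
}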
| 186 | |
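/*
 * unsigned int variant of string_to_number_l().
 *
 * s:   string to parse.
 * min: smallest accepted value.
 * max: largest accepted value; 0 means "no caller limit", in which case
 *      the value must still fit in an unsigned int.
 * ret: receives the value on success, untouched on failure.
 *
 * Returns 0 on success, -1 on failure.
 */
int string_to_number(const char *s, unsigned int min, unsigned int max,
		     unsigned int *ret)
{
	unsigned long number;

	/* Without a limit, a value wider than unsigned int would be
	 * accepted and then silently truncated by the cast below. */
	if (max == 0)
		max = ~0U;

	/* On failure `number' is never written, so do not copy it out. */
	if (string_to_number_l(s, min, max, &number) != 0)
		return -1;

	*ret = (unsigned int)number;
	return 0;
}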
| 198 | |
/*
 * Look up service `name' for protocol `proto' with getservbyname().
 *
 * Returns the port number in host byte order, or -1 when no such service
 * is known.
 */
int service_to_port(const char *name, const char *proto)
{
	const struct servent *entry = getservbyname(name, proto);

	if (entry == NULL)
		return -1;

	/* s_port is stored in network byte order. */
	return ntohs((unsigned short) entry->s_port);
}
| 208 | |
/*
 * Turn `port' into a port number.
 *
 * The string is first tried as a number in 0..65535; if that fails it is
 * looked up as a service name for protocol `proto'.  When neither works,
 * exit_error() is called with PARAMETER_PROBLEM.
 * NOTE(review): nothing is returned after exit_error(), so it is
 * presumably declared as not returning - confirm.
 */
u_int16_t parse_port(const char *port, const char *proto)
{
	unsigned int portnum;
	int svc;

	if (string_to_number(port, 0, 65535, &portnum) != -1)
		return (u_int16_t)portnum;

	svc = service_to_port(port, proto);
	if (svc != -1)
		return (u_int16_t)svc;

	exit_error(PARAMETER_PROBLEM,
		   "invalid port/service `%s' specified", port);
}
| 220 | |
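/*
 * Split an interface argument into a name and a comparison mask.
 *
 * arg:     interface name from the user, optionally ending in '+' to
 *          mean "any interface whose name starts with this".
 * vianame: output buffer of IFNAMSIZ bytes; receives a copy of `arg'
 *          (a trailing '+' is kept).
 * mask:    output buffer of IFNAMSIZ bytes; 0xFF marks the bytes of
 *          vianame that take part in the match.
 *
 * An empty name or a lone "+" yields an all-zero mask.  A name ending in
 * '+' masks the bytes before the '+'.  Any other name masks the name and
 * its NUL terminator, and a warning goes to stderr if it contains ':',
 * '!' or '*'.  A name of IFNAMSIZ bytes or more is reported through
 * exit_error().
 */
void parse_interface(const char *arg, char *vianame, unsigned char *mask)
{
	/* size_t, not int: a length that does not fit in an int must not
	 * wrap to a negative value and slip past the bound below. */
	size_t vialen = strlen(arg);
	size_t i;

	memset(mask, 0, IFNAMSIZ);
	memset(vianame, 0, IFNAMSIZ);

	if (vialen + 1 > IFNAMSIZ) {
		exit_error(PARAMETER_PROBLEM,
			   "interface name `%s' must be shorter than IFNAMSIZ"
			   " (%i)", arg, IFNAMSIZ-1);
		/* exit_error() is expected not to return; this return keeps
		 * the copy below bounded even if it ever does. */
		return;
	}

	/* Length was checked above, so name plus NUL fits in IFNAMSIZ. */
	memcpy(vianame, arg, vialen + 1);

	/* mask is already all-zero: nothing to do for "" and "+". */
	if (vialen == 0 || (vialen == 1 && vianame[0] == '+'))
		return;

	if (vianame[vialen - 1] == '+') {
		memset(mask, 0xFF, vialen - 1);
		/* Don't remove `+' here! -HW */
		return;
	}

	/* Include nul-terminator in match */
	memset(mask, 0xFF, vialen + 1);
	for (i = 0; vianame[i]; i++) {
		if (vianame[i] == ':' ||
		    vianame[i] == '!' ||
		    vianame[i] == '*') {
			fprintf(stderr,
				"Warning: weird character in interface"
				" `%s' (No aliases, :, ! or *).\n",
				vianame);
			break;
		}
	}
}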
| 258 | |
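/*
 * Find the match extension called `name', loading its shared object on
 * demand.
 *
 * name:    extension name; "icmpv6" and "ipv6-icmp" are aliases of
 *          "icmp6".
 * tryload: DONT_LOAD and DURING_LOAD only search the registered list;
 *          any other value also tries to dlopen() the extension, and
 *          LOAD_MUST_SUCCEED calls exit_error() when that fails.
 * matches: when non-NULL, the rule's match list; a new entry for the
 *          found match is appended and existing entries with the same
 *          name are marked completed.
 *
 * Returns the registered match, a freshly allocated clone of it when the
 * registered one is already in use (its `m' is set), or NULL.
 *
 * NOTE(review): `name' is placed into the dlopen() path as given; nothing
 * in this function rejects a '/' in it, so callers that take the name
 * from outside should only pass plain extension names - confirm.
 */
struct xtables_match *find_match(const char *name, enum xt_tryload tryload,
				 struct xtables_rule_match **matches)
{
	struct xtables_match *ptr;
	const char *icmp6 = "icmp6";

	/* This is ugly as hell. Nonetheless, there is no way of changing
	 * this without hurting backwards compatibility */
	if ( (strcmp(name,"icmpv6") == 0) ||
	     (strcmp(name,"ipv6-icmp") == 0) ||
	     (strcmp(name,"icmp6") == 0) )
		name = icmp6;

	for (ptr = xtables_matches; ptr; ptr = ptr->next) {
		if (strcmp(name, ptr->name) == 0) {
			struct xtables_match *clone;

			/* First match of this type: */
			if (ptr->m == NULL)
				break;

			/* Second and subsequent clones */
			clone = fw_malloc(sizeof(struct xtables_match));
			memcpy(clone, ptr, sizeof(struct xtables_match));
			clone->mflags = 0;
			/* This is a clone: */
			clone->next = clone;

			ptr = clone;
			break;
		}
	}

#ifndef NO_SHARED_LIBS
	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
		/* Two file names are built in the same buffer, one with the
		 * fixed "libxt_" prefix and one with afinfo.libprefix, so
		 * size it for the longer prefix; sizing by libprefix alone
		 * is too small whenever libprefix is shorter than "libxt_". */
		const size_t aflen = strlen(afinfo.libprefix);
		const size_t pfxlen = aflen > sizeof("libxt_") - 1 ?
				      aflen : sizeof("libxt_") - 1;
		char path[strlen(lib_dir) + sizeof("/.so")
			  + pfxlen + strlen(name)];

		snprintf(path, sizeof(path), "%s/libxt_%s.so", lib_dir, name);
		if (dlopen(path, RTLD_NOW) != NULL)
			/* Found library.  If it didn't register itself,
			   maybe they specified target as match. */
			ptr = find_match(name, DONT_LOAD, NULL);

		if (ptr == NULL) {
			snprintf(path, sizeof(path), "%s/%s%s.so", lib_dir,
				 afinfo.libprefix, name);
			if (dlopen(path, RTLD_NOW) != NULL)
				ptr = find_match(name, DONT_LOAD, NULL);
		}

		if (ptr == NULL && tryload == LOAD_MUST_SUCCEED)
			exit_error(PARAMETER_PROBLEM,
				   "Couldn't load match `%s':%s\n",
				   name, dlerror());
	}
#else
	if (ptr && !ptr->loaded) {
		if (tryload != DONT_LOAD)
			ptr->loaded = 1;
		else
			ptr = NULL;
	}
	if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
		exit_error(PARAMETER_PROBLEM,
			   "Couldn't find match `%s'\n", name);
	}
#endif

	if (ptr && matches) {
		struct xtables_rule_match **i;
		struct xtables_rule_match *newentry;

		newentry = fw_malloc(sizeof(struct xtables_rule_match));

		/* Walk to the end of the list, marking earlier uses of the
		 * same match as completed on the way. */
		for (i = matches; *i; i = &(*i)->next) {
			if (strcmp(name, (*i)->match->name) == 0)
				(*i)->completed = 1;
		}
		newentry->match = ptr;
		newentry->completed = 0;
		newentry->next = NULL;
		*i = newentry;
	}

	return ptr;
}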
| 346 | |
| 347 | |
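/*
 * Find the target extension called `name', loading its shared object on
 * demand.
 *
 * name:    target name; the empty string and the XTC_LABEL_ACCEPT, _DROP,
 *          _QUEUE and _RETURN labels all map to the "standard" target.
 * tryload: DONT_LOAD and DURING_LOAD only search the registered list;
 *          any other value also tries to dlopen() the extension, and
 *          LOAD_MUST_SUCCEED calls exit_error() when that fails.
 *
 * Returns the registered target with its `used' flag set, or NULL.
 *
 * NOTE(review): `name' is placed into the dlopen() path as given; nothing
 * in this function rejects a '/' in it, so callers that take the name
 * from outside should only pass plain extension names - confirm.
 */
struct xtables_target *find_target(const char *name, enum xt_tryload tryload)
{
	struct xtables_target *ptr;

	/* Standard target? */
	if (strcmp(name, "") == 0
	    || strcmp(name, XTC_LABEL_ACCEPT) == 0
	    || strcmp(name, XTC_LABEL_DROP) == 0
	    || strcmp(name, XTC_LABEL_QUEUE) == 0
	    || strcmp(name, XTC_LABEL_RETURN) == 0)
		name = "standard";

	for (ptr = xtables_targets; ptr; ptr = ptr->next) {
		if (strcmp(name, ptr->name) == 0)
			break;
	}

#ifndef NO_SHARED_LIBS
	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
		/* Two file names are built in the same buffer, one with the
		 * fixed "libxt_" prefix and one with afinfo.libprefix, so
		 * size it for the longer prefix; sizing by libprefix alone
		 * is too small whenever libprefix is shorter than "libxt_". */
		const size_t aflen = strlen(afinfo.libprefix);
		const size_t pfxlen = aflen > sizeof("libxt_") - 1 ?
				      aflen : sizeof("libxt_") - 1;
		char path[strlen(lib_dir) + sizeof("/.so")
			  + pfxlen + strlen(name)];

		snprintf(path, sizeof(path), "%s/libxt_%s.so", lib_dir, name);
		if (dlopen(path, RTLD_NOW) != NULL)
			/* Found library.  If it didn't register itself,
			   maybe they specified match as a target. */
			ptr = find_target(name, DONT_LOAD);

		if (ptr == NULL) {
			snprintf(path, sizeof(path), "%s/%s%s.so", lib_dir,
				 afinfo.libprefix, name);
			if (dlopen(path, RTLD_NOW) != NULL)
				ptr = find_target(name, DONT_LOAD);
		}
		if (ptr == NULL && tryload == LOAD_MUST_SUCCEED)
			exit_error(PARAMETER_PROBLEM,
				   "Couldn't load target `%s':%s\n",
				   name, dlerror());
	}
#else
	if (ptr && !ptr->loaded) {
		if (tryload != DONT_LOAD)
			ptr->loaded = 1;
		else
			ptr = NULL;
	}
	if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
		exit_error(PARAMETER_PROBLEM,
			   "Couldn't find target `%s'\n", name);
	}
#endif

	if (ptr)
		ptr->used = 1;

	return ptr;
}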
| 405 | |
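/*
 * Ask the kernel whether it supports `revision' of extension `name'.
 *
 * name:     extension name; must fit in the name field of
 *           struct xt_get_revision including its NUL terminator.
 * revision: revision number to query.
 * opt:      getsockopt() option selecting the match or target query.
 *
 * Returns 1 when the query succeeds, 0 when the kernel reports ENOENT or
 * EPROTONOSUPPORT, and (revision == 0) when it reports ENOPROTOOPT.
 * Exits the process when the name is too long, when the socket cannot be
 * opened, or when getsockopt() fails with any other error.
 */
static int compatible_revision(const char *name, u_int8_t revision, int opt)
{
	struct xt_get_revision rev;
	socklen_t s = sizeof(rev);
	int max_rev, sockfd;

	/* The registration functions check name lengths before calling
	 * here, but this copy must not depend on every caller doing so. */
	if (strlen(name) >= sizeof(rev.name)) {
		fprintf(stderr, "Name `%s' is too long for a revision query\n",
			name);
		exit(1);
	}

	sockfd = socket(afinfo.family, SOCK_RAW, IPPROTO_RAW);
	if (sockfd < 0) {
		fprintf(stderr, "Could not open socket to kernel: %s\n",
			strerror(errno));
		exit(1);
	}

	/* Best effort: the result is not checked here. */
	load_xtables_ko(modprobe, 1);

	/* Clear the request so no stale stack bytes are passed along with
	 * the name and revision. */
	memset(&rev, 0, sizeof(rev));
	strcpy(rev.name, name);
	rev.revision = revision;

	max_rev = getsockopt(sockfd, afinfo.ipproto, opt, &rev, &s);
	if (max_rev < 0) {
		/* Definitely don't support this? */
		if (errno == ENOENT || errno == EPROTONOSUPPORT) {
			close(sockfd);
			return 0;
		} else if (errno == ENOPROTOOPT) {
			close(sockfd);
			/* Assume only revision 0 support (old kernel) */
			return (revision == 0);
		} else {
			fprintf(stderr, "getsockopt failed strangely: %s\n",
				strerror(errno));
			exit(1);
		}
	}
	close(sockfd);
	return 1;
}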
| 443 | |
| 444 | |
/*
 * compatible_revision() for matches: queries with the socket option in
 * afinfo.so_rev_match.
 */
static int compatible_match_revision(const char *name, u_int8_t revision)
{
	const int opt = afinfo.so_rev_match;

	return compatible_revision(name, revision, opt);
}
| 449 | |
/*
 * compatible_revision() for targets: queries with the socket option in
 * afinfo.so_rev_target.
 */
static int compatible_target_revision(const char *name, u_int8_t revision)
{
	const int opt = afinfo.so_rev_target;

	return compatible_revision(name, revision, opt);
}
| 454 | |
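/*
 * Register match extension `me' in the xtables_matches list.
 *
 * The process exits when the extension's version string differs from
 * program_version, when its name is too long, when its family is
 * NPROTO or above, when a match of the same name and revision is already
 * registered, or when its size is not XT_ALIGN()ed.
 *
 * A match for a family other than afinfo.family is ignored.  When another
 * revision of the same name is already registered, the registered one is
 * kept if the kernel supports it and it is the higher revision; otherwise
 * `me' replaces it, provided the kernel supports `me'.
 */
void xtables_register_match(struct xtables_match *me)
{
	struct xtables_match **i, *old;

	if (strcmp(me->version, program_version) != 0) {
		fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
			program_name, me->name, me->version, program_version);
		exit(1);
	}

	/* Revision field stole a char from name. */
	if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) {
		/* This is the match path: the message used to say "target". */
		fprintf(stderr, "%s: match `%s' has invalid name\n",
			program_name, me->name);
		exit(1);
	}

	if (me->family >= NPROTO) {
		fprintf(stderr,
			"%s: BUG: match %s has invalid protocol family\n",
			program_name, me->name);
		exit(1);
	}

	/* ignore not interested match */
	if (me->family != afinfo.family)
		return;

	old = find_match(me->name, DURING_LOAD, NULL);
	if (old) {
		if (old->revision == me->revision) {
			fprintf(stderr,
				"%s: match `%s' already registered.\n",
				program_name, me->name);
			exit(1);
		}

		/* Now we have two (or more) options, check compatibility. */
		if (compatible_match_revision(old->name, old->revision)
		    && old->revision > me->revision)
			return;

		/* Replace if compatible. */
		if (!compatible_match_revision(me->name, me->revision))
			return;

		/* Delete old one: find the link that points at it and make
		 * that link skip it. */
		for (i = &xtables_matches; *i!=old; i = &(*i)->next);
		*i = old->next;
	}

	if (me->size != XT_ALIGN(me->size)) {
		fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
			program_name, me->name, (unsigned int)me->size);
		exit(1);
	}

	/* Append to list. */
	for (i = &xtables_matches; *i; i = &(*i)->next);
	me->next = NULL;
	*i = me;

	me->m = NULL;
	me->mflags = 0;
}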
| 520 | |
/*
 * Register target extension `me' in the xtables_targets list.
 *
 * The process exits when the extension's version string differs from
 * program_version, when its name is too long, when its family is
 * NPROTO or above, when a target of the same name and revision is already
 * registered, or when its size is not XT_ALIGN()ed.
 *
 * A target for a family other than afinfo.family is ignored.  When
 * another revision of the same name is already registered, the registered
 * one is kept if the kernel supports it and it is the higher revision;
 * otherwise `me' replaces it, provided the kernel supports `me'.
 */
void xtables_register_target(struct xtables_target *me)
{
	struct xtables_target *prev;

	if (strcmp(me->version, program_version) != 0) {
		fprintf(stderr, "%s: target `%s' v%s (I'm v%s).\n",
			program_name, me->name, me->version, program_version);
		exit(1);
	}

	/* Revision field stole a char from name. */
	if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) {
		fprintf(stderr, "%s: target `%s' has invalid name\n",
			program_name, me->name);
		exit(1);
	}

	if (me->family >= NPROTO) {
		fprintf(stderr,
			"%s: BUG: target %s has invalid protocol family\n",
			program_name, me->name);
		exit(1);
	}

	/* Targets of another family are silently skipped. */
	if (me->family != afinfo.family)
		return;

	prev = find_target(me->name, DURING_LOAD);
	if (prev != NULL) {
		struct xtables_target **link = &xtables_targets;

		if (prev->revision == me->revision) {
			fprintf(stderr,
				"%s: target `%s' already registered.\n",
				program_name, me->name);
			exit(1);
		}

		/* Two revisions on offer: keep the registered one when the
		 * kernel supports it and it is the newer of the two. */
		if (compatible_target_revision(prev->name, prev->revision)
		    && prev->revision > me->revision)
			return;

		/* Only replace it with a revision the kernel supports. */
		if (!compatible_target_revision(me->name, me->revision))
			return;

		/* Unlink the registered one. */
		while (*link != prev)
			link = &(*link)->next;
		*link = prev->next;
	}

	if (me->size != XT_ALIGN(me->size)) {
		fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
			program_name, me->name, (unsigned int)me->size);
		exit(1);
	}

	/* Push onto the front of the list and reset per-use state. */
	me->next = xtables_targets;
	xtables_targets = me;
	me->t = NULL;
	me->tflags = 0;
}