/*
 * (C) 2000-2006 by the netfilter coreteam <coreteam@netfilter.org>:
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 *	This program is distributed in the hope that it will be useful,
 *	but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *	GNU General Public License for more details.
 *
 *	You should have received a copy of the GNU General Public License
 *	along with this program; if not, write to the Free Software
 *	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
| 18 | |
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>

#include <xtables.h>

#ifndef NO_SHARED_LIBS
#include <dlfcn.h>
#endif
| 37 | |
/* Exclusive upper bound for an extension's protocol family; the register
 * functions in this file reject any extension with family >= NPROTO. */
#define NPROTO	255

/* procfs file holding the path of the kernel's module loader; may be
 * overridden at build time. */
#ifndef PROC_SYS_MODPROBE
#define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
#endif

/* Directory that find_match()/find_target() prefix to extension file names
 * before dlopen(). It is not assigned in this part of the file.
 * NOTE(review): whoever sets it decides which shared objects get loaded
 * into the process - confirm it cannot be influenced by an unprivileged
 * environment when the binary runs with elevated privileges. */
char *lib_dir;

/* Path of the command used to load kernel modules. While NULL,
 * xtables_insmod() falls back to the path read from PROC_SYS_MODPROBE. */
const char *modprobe = NULL;

/* Keeping track of external matches and targets: linked lists. */
struct xtables_match *xtables_matches;
struct xtables_target *xtables_targets;
| 52 | |
/*
 * Allocate a zero-filled array of @count elements of @size bytes each.
 *
 * Never returns NULL: when calloc() yields NULL the failure is reported
 * through perror() and the process exits with status 1.
 */
void *fw_calloc(size_t count, size_t size)
{
	void *mem = calloc(count, size);

	if (mem != NULL)
		return mem;

	perror("ip[6]tables: calloc failed");
	exit(1);
}
| 64 | |
/*
 * Allocate @size bytes of uninitialised memory.
 *
 * Never returns NULL: when malloc() yields NULL the failure is reported
 * through perror() and the process exits with status 1.
 */
void *fw_malloc(size_t size)
{
	void *mem = malloc(size);

	if (mem != NULL)
		return mem;

	perror("ip[6]tables: malloc failed");
	exit(1);
}
Yasuyuki KOZAKAI | 0b82e8e | 2007-07-24 05:47:40 +0000 | [diff] [blame] | 76 | |
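/*
 * Read the path of the kernel's module loader from PROC_SYS_MODPROBE.
 *
 * Returns a malloc()ed, NUL-terminated string with one trailing newline
 * stripped; the caller owns it and must free() it. Returns NULL when the
 * file cannot be opened, the buffer cannot be allocated, the read fails,
 * or the content fills the whole buffer (it may then be truncated).
 *
 * The returned string is later handed to execv() by xtables_insmod(), so
 * a truncated or otherwise mangled path must never be returned.
 */
static char *get_modprobe(void)
{
#define PROCFILE_BUFSIZ	1024
	char *ret;
	ssize_t nread;
	size_t len;
	int procfile;

	procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
	if (procfile < 0)
		return NULL;

	/* Zero-filled, so any read shorter than the buffer is terminated. */
	ret = calloc(1, PROCFILE_BUFSIZ);
	if (ret == NULL)
		goto fail;

	nread = read(procfile, ret, PROCFILE_BUFSIZ);
	if (nread < 0 || nread == PROCFILE_BUFSIZ)
		goto fail;

	/*
	 * An empty file (or a leading NUL byte) gives a zero-length string;
	 * indexing ret[len - 1] in that case would read before the buffer.
	 */
	len = strlen(ret);
	if (len > 0 && ret[len - 1] == '\n')
		ret[len - 1] = '\0';

	close(procfile);
	return ret;

fail:
	free(ret);
	close(procfile);
	return NULL;
}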
| 104 | |
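/*
 * Load kernel module @modname by running the module loader.
 *
 * @modname:  module name, passed to the loader as a single argv element
 *            (no shell is involved).
 * @modprobe: path of the loader binary; when NULL the path is obtained
 *            from get_modprobe().
 * @quiet:    non-zero appends "-q" to the loader's arguments.
 *
 * Returns 0 when the loader exited with status 0, -1 otherwise (no loader
 * path, fork() failure, wait failure, or non-zero/abnormal exit).
 */
int xtables_insmod(const char *modname, const char *modprobe, int quiet)
{
	char *buf = NULL;
	char *argv[4];
	int status = 0;
	int ret = -1;
	pid_t pid, waited;

	/* If they don't explicitly set it, read out of kernel */
	if (!modprobe) {
		buf = get_modprobe();
		if (!buf)
			return -1;
		modprobe = buf;
	}

	pid = fork();
	if (pid == 0) {
		argv[0] = (char *)modprobe;
		argv[1] = (char *)modname;
		argv[2] = quiet ? "-q" : NULL;
		argv[3] = NULL;
		execv(argv[0], argv);

		/*
		 * Only reached when execv() failed. _exit() keeps the child
		 * from running the parent's atexit handlers and from flushing
		 * a copy of the parent's stdio buffers.
		 */
		_exit(1);
	}

	if (pid > 0) {
		/*
		 * Reap exactly the child started above; a bare wait() could
		 * return the status of an unrelated child, and a failed wait
		 * would leave status unset.
		 */
		do {
			waited = waitpid(pid, &status, 0);
		} while (waited == -1 && errno == EINTR);

		if (waited == pid && WIFEXITED(status) &&
		    WEXITSTATUS(status) == 0)
			ret = 0;
	}

	/* Also reached when fork() failed, so buf is released on that path. */
	free(buf);
	return ret;
}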
| 146 | |
/*
 * Load the kernel module named by afinfo.kmod, at most once successfully.
 *
 * The result of xtables_insmod() is cached in function-local statics:
 * after the first call that returned 0, later calls return 0 without
 * running the loader again. A failed attempt is not cached as final; the
 * next call tries again.
 *
 * Returns the (possibly cached) result of xtables_insmod().
 */
int load_xtables_ko(const char *modprobe, int quiet)
{
	static int already_loaded = 0;
	static int last_result = -1;

	if (already_loaded)
		return last_result;

	last_result = xtables_insmod(afinfo.kmod, modprobe, quiet);
	already_loaded = (last_result == 0);

	return last_result;
}
| 159 | |
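/*
 * Parse the whole string @s as an unsigned number (decimal, 0x hex or
 * 0-prefixed octal) and range-check it.
 *
 * @min: smallest accepted value.
 * @max: largest accepted value; 0 means "no upper bound".
 * @ret: receives the value on success and is left untouched on failure.
 *
 * Returns 0 on success, -1 when @s is empty, has trailing characters, is
 * negative, overflows, or lies outside [@min, @max].
 */
int string_to_number_ll(const char *s, unsigned long long min,
			unsigned long long max, unsigned long long *ret)
{
	unsigned long long number;
	char *end;

	/*
	 * strtoull() accepts a leading '-' and returns the negated value
	 * converted to unsigned, without setting ERANGE. With max == 0 that
	 * would turn "-1" into a huge accepted number, so refuse it here.
	 */
	if (s[strspn(s, " \t\n\v\f\r")] == '-')
		return -1;

	/* Handle hex, octal, etc. */
	errno = 0;
	number = strtoull(s, &end, 0);

	/* Nothing parsed, or garbage after the number. */
	if (end == s || *end != '\0')
		return -1;

	if (errno == ERANGE || number < min || (max != 0 && number > max))
		return -1;

	*ret = number;
	return 0;
}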
| 178 | |
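/*
 * unsigned long flavour of string_to_number_ll().
 *
 * @ret is written only on success. string_to_number_ll() does not store
 * anything when it fails, so copying its output unconditionally would
 * read an uninitialised variable.
 *
 * Returns 0 on success, -1 on failure (including a value that does not
 * fit in unsigned long, which can only happen when @max is 0).
 */
int string_to_number_l(const char *s, unsigned long min, unsigned long max,
		       unsigned long *ret)
{
	unsigned long long number = 0;
	int result;

	result = string_to_number_ll(s, min, max, &number);
	if (result != 0)
		return result;

	/* Refuse silent truncation where unsigned long is the narrower type. */
	if ((unsigned long)number != number)
		return -1;

	*ret = (unsigned long)number;
	return 0;
}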
| 190 | |
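/*
 * unsigned int flavour of string_to_number_l().
 *
 * @ret is written only on success, so a failed parse never copies an
 * indeterminate value to the caller.
 *
 * Returns 0 on success, -1 on failure. A value that parses but does not
 * fit in unsigned int (possible only with @max == 0, "no upper bound") is
 * rejected instead of being truncated.
 */
int string_to_number(const char *s, unsigned int min, unsigned int max,
		     unsigned int *ret)
{
	unsigned long number = 0;
	int result;

	result = string_to_number_l(s, min, max, &number);
	if (result != 0)
		return result;

	if ((unsigned int)number != number)
		return -1;

	*ret = (unsigned int)number;
	return 0;
}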
| 202 | |
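/*
 * strtonum{,l} - string to number conversion
 *
 * @s:     text to parse (decimal, 0x hex or 0-prefixed octal)
 * @end:   if non-NULL, receives the position after the parsed number
 *         (set whenever at least one digit was consumed)
 * @value: if non-NULL, receives the number once it passed the range check
 * @min:   smallest accepted value
 * @max:   largest accepted value; 0 means "no upper bound"
 *
 * If @end is NULL, we assume the caller does not want
 * a case like "15a", so reject it.
 *
 * Negative input is rejected: strtoul() would otherwise negate it into a
 * large unsigned value without reporting ERANGE.
 */
bool strtonuml(const char *s, char **end, unsigned long *value,
	       unsigned long min, unsigned long max)
{
	unsigned long v;
	char *my_end;

	/* Look past the whitespace strtoul() skips and refuse a minus sign. */
	if (s[strspn(s, " \t\n\v\f\r")] == '-')
		return false;

	errno = 0;
	v = strtoul(s, &my_end, 0);

	if (my_end == s)
		return false;
	if (end != NULL)
		*end = my_end;

	if (errno == ERANGE || v < min || (max != 0 && v > max))
		return false;

	if (value != NULL)
		*value = v;

	/* Without @end the caller cannot see trailing text, so forbid it. */
	return end != NULL || *my_end == '\0';
}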
| 233 | |
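/*
 * unsigned int flavour of strtonuml(); same meaning of @end, @min, @max.
 *
 * @value is written only when the conversion succeeded. strtonuml() can
 * fail before it stores anything, and copying the local out regardless
 * would read an uninitialised variable.
 *
 * A number that passes strtonuml() but does not fit in unsigned int
 * (possible only with @max == 0) is rejected rather than truncated.
 */
bool strtonum(const char *s, char **end, unsigned int *value,
	      unsigned int min, unsigned int max)
{
	unsigned long v = 0;

	if (!strtonuml(s, end, &v, min, max))
		return false;

	if ((unsigned int)v != v)
		return false;

	if (value != NULL)
		*value = (unsigned int)v;
	return true;
}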
| 245 | |
/*
 * Look up service @name for protocol @proto with getservbyname().
 *
 * Returns the port in host byte order, or -1 when no such service is
 * known.
 */
int service_to_port(const char *name, const char *proto)
{
	const struct servent *entry = getservbyname(name, proto);

	if (entry == NULL)
		return -1;

	return ntohs((unsigned short) entry->s_port);
}
| 255 | |
/*
 * Turn @port into a port number: first as a number in 0..65535, then as a
 * service name for protocol @proto.
 *
 * Returns the port number. When neither interpretation works the error is
 * handed to exit_error(); there is no return statement after that call,
 * so this presumably relies on exit_error() not returning - confirm
 * against its declaration.
 */
u_int16_t parse_port(const char *port, const char *proto)
{
	unsigned int portnum;

	if (string_to_number(port, 0, 65535, &portnum) != -1)
		return (u_int16_t)portnum;

	/* service_to_port() reports "unknown" as -1, compared as unsigned. */
	portnum = service_to_port(port, proto);
	if (portnum != (unsigned int)-1)
		return (u_int16_t)portnum;

	exit_error(PARAMETER_PROBLEM,
		   "invalid port/service `%s' specified", port);
}
| 267 | |
/*
 * Copy interface name @arg into @vianame and build the byte mask that
 * says how much of the name takes part in a comparison.
 *
 * @vianame and @mask are both cleared over IFNAMSIZ bytes, so each must
 * be at least that large. The mask is:
 *   - all zero for an empty name or a lone "+";
 *   - 0xFF over the characters before a trailing '+' (the '+' stays in
 *     @vianame);
 *   - 0xFF over the name and its NUL terminator otherwise.
 *
 * Names that do not fit in IFNAMSIZ with their terminator are passed to
 * exit_error(). NOTE(review): the strcpy() below is bounded only if
 * exit_error() does not return - confirm against its declaration.
 */
void parse_interface(const char *arg, char *vianame, unsigned char *mask)
{
	int vialen = strlen(arg);

	memset(mask, 0, IFNAMSIZ);
	memset(vianame, 0, IFNAMSIZ);

	if (vialen + 1 > IFNAMSIZ)
		exit_error(PARAMETER_PROBLEM,
			   "interface name `%s' must be shorter than IFNAMSIZ"
			   " (%i)", arg, IFNAMSIZ-1);

	strcpy(vianame, arg);

	if (vialen == 0 || (vialen == 1 && vianame[0] == '+')) {
		memset(mask, 0, IFNAMSIZ);
		return;
	}

	if (vianame[vialen - 1] == '+') {
		memset(mask, 0xFF, vialen - 1);
		memset(mask + vialen - 1, 0, IFNAMSIZ - vialen + 1);
		/* Don't remove `+' here! -HW */
		return;
	}

	/* Include nul-terminator in match */
	memset(mask, 0xFF, vialen + 1);
	memset(mask + vialen + 1, 0, IFNAMSIZ - vialen - 1);

	/* Warn once if the name holds any of the suspicious characters. */
	if (strpbrk(vianame, ":!*") != NULL)
		fprintf(stderr,
			"Warning: weird character in interface"
			" `%s' (No aliases, :, ! or *).\n",
			vianame);
}
| 305 | |
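/*
 * Find the match extension called @name, loading its shared object on
 * demand.
 *
 * @name:    match name; "icmpv6" and "ipv6-icmp" are aliases of "icmp6".
 * @tryload: DONT_LOAD and DURING_LOAD only search the registered list;
 *           other values also try to dlopen() the extension, and
 *           LOAD_MUST_SUCCEED turns a miss into exit_error().
 * @matches: if non-NULL, a rule's match list; the result is appended to it
 *           and existing entries with the same name are marked completed.
 *
 * Returns the registered entry, a freshly allocated clone of it when the
 * entry is already in use (its ->m is set; a clone is recognisable by
 * ->next pointing to itself), or NULL when nothing was found.
 *
 * NOTE(review): @name is interpolated into the dlopen() path as-is. If it
 * can come straight from the command line, consider rejecting names that
 * contain '/' so the lookup cannot leave the flat lib_dir namespace.
 */
struct xtables_match *find_match(const char *name, enum xt_tryload tryload,
				 struct xtables_rule_match **matches)
{
	struct xtables_match *ptr;
	const char *icmp6 = "icmp6";

	/* This is ugly as hell. Nonetheless, there is no way of changing
	 * this without hurting backwards compatibility */
	if ((strcmp(name, "icmpv6") == 0) ||
	    (strcmp(name, "ipv6-icmp") == 0) ||
	    (strcmp(name, "icmp6") == 0))
		name = icmp6;

	for (ptr = xtables_matches; ptr; ptr = ptr->next) {
		if (strcmp(name, ptr->name) == 0) {
			struct xtables_match *clone;

			/* First match of this type: */
			if (ptr->m == NULL)
				break;

			/* Second and subsequent clones */
			clone = fw_malloc(sizeof(struct xtables_match));
			memcpy(clone, ptr, sizeof(struct xtables_match));
			clone->mflags = 0;
			/* This is a clone: */
			clone->next = clone;

			ptr = clone;
			break;
		}
	}

#ifndef NO_SHARED_LIBS
	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
		/*
		 * The buffer must hold both "<dir>/libxt_<name>.so" and
		 * "<dir>/<libprefix><name>.so". Sizing it from libprefix
		 * alone is only enough while libprefix is at least as long
		 * as "libxt_", so take the longer of the two prefixes.
		 */
		const size_t xt_len = sizeof("libxt_") - 1;
		const size_t af_len = strlen(afinfo.libprefix);
		char path[strlen(lib_dir) + sizeof("/.so")
			  + (af_len > xt_len ? af_len : xt_len)
			  + strlen(name)];

		snprintf(path, sizeof(path), "%s/libxt_%s.so", lib_dir, name);
		if (dlopen(path, RTLD_NOW) != NULL)
			/* Found library.  If it didn't register itself,
			   maybe they specified target as match. */
			ptr = find_match(name, DONT_LOAD, NULL);

		if (ptr == NULL) {
			snprintf(path, sizeof(path), "%s/%s%s.so", lib_dir,
				 afinfo.libprefix, name);
			if (dlopen(path, RTLD_NOW) != NULL)
				ptr = find_match(name, DONT_LOAD, NULL);
		}

		if (ptr == NULL && tryload == LOAD_MUST_SUCCEED)
			exit_error(PARAMETER_PROBLEM,
				   "Couldn't load match `%s':%s\n",
				   name, dlerror());
	}
#else
	if (ptr && !ptr->loaded) {
		if (tryload != DONT_LOAD)
			ptr->loaded = 1;
		else
			ptr = NULL;
	}
	if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
		exit_error(PARAMETER_PROBLEM,
			   "Couldn't find match `%s'\n", name);
	}
#endif

	if (ptr && matches) {
		struct xtables_rule_match **i;
		struct xtables_rule_match *newentry;

		newentry = fw_malloc(sizeof(struct xtables_rule_match));

		/* Walk to the tail, flagging earlier uses of the same match. */
		for (i = matches; *i; i = &(*i)->next) {
			if (strcmp(name, (*i)->match->name) == 0)
				(*i)->completed = 1;
		}
		newentry->match = ptr;
		newentry->completed = 0;
		newentry->next = NULL;
		*i = newentry;
	}

	return ptr;
}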
| 393 | |
| 394 | |
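/*
 * Find the target extension called @name, loading its shared object on
 * demand.
 *
 * @name:    target name; the empty string and the built-in verdict labels
 *           (XTC_LABEL_ACCEPT/DROP/QUEUE/RETURN) map to "standard".
 * @tryload: DONT_LOAD and DURING_LOAD only search the registered list;
 *           other values also try to dlopen() the extension, and
 *           LOAD_MUST_SUCCEED turns a miss into exit_error().
 *
 * Returns the registered entry with ->used set, or NULL when nothing was
 * found.
 *
 * NOTE(review): @name is interpolated into the dlopen() path as-is. If it
 * can come straight from the command line, consider rejecting names that
 * contain '/' so the lookup cannot leave the flat lib_dir namespace.
 */
struct xtables_target *find_target(const char *name, enum xt_tryload tryload)
{
	struct xtables_target *ptr;

	/* Standard target? */
	if (strcmp(name, "") == 0
	    || strcmp(name, XTC_LABEL_ACCEPT) == 0
	    || strcmp(name, XTC_LABEL_DROP) == 0
	    || strcmp(name, XTC_LABEL_QUEUE) == 0
	    || strcmp(name, XTC_LABEL_RETURN) == 0)
		name = "standard";

	for (ptr = xtables_targets; ptr; ptr = ptr->next) {
		if (strcmp(name, ptr->name) == 0)
			break;
	}

#ifndef NO_SHARED_LIBS
	if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
		/*
		 * The buffer must hold both "<dir>/libxt_<name>.so" and
		 * "<dir>/<libprefix><name>.so". Sizing it from libprefix
		 * alone is only enough while libprefix is at least as long
		 * as "libxt_", so take the longer of the two prefixes.
		 */
		const size_t xt_len = sizeof("libxt_") - 1;
		const size_t af_len = strlen(afinfo.libprefix);
		char path[strlen(lib_dir) + sizeof("/.so")
			  + (af_len > xt_len ? af_len : xt_len)
			  + strlen(name)];

		snprintf(path, sizeof(path), "%s/libxt_%s.so", lib_dir, name);
		if (dlopen(path, RTLD_NOW) != NULL)
			/* Found library.  If it didn't register itself,
			   maybe they specified match as a target. */
			ptr = find_target(name, DONT_LOAD);

		if (ptr == NULL) {
			snprintf(path, sizeof(path), "%s/%s%s.so", lib_dir,
				 afinfo.libprefix, name);
			if (dlopen(path, RTLD_NOW) != NULL)
				ptr = find_target(name, DONT_LOAD);
		}
		if (ptr == NULL && tryload == LOAD_MUST_SUCCEED)
			exit_error(PARAMETER_PROBLEM,
				   "Couldn't load target `%s':%s\n",
				   name, dlerror());
	}
#else
	if (ptr && !ptr->loaded) {
		if (tryload != DONT_LOAD)
			ptr->loaded = 1;
		else
			ptr = NULL;
	}
	if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
		exit_error(PARAMETER_PROBLEM,
			   "Couldn't find target `%s'\n", name);
	}
#endif

	if (ptr)
		ptr->used = 1;

	return ptr;
}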
| 452 | |
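/*
 * Ask the kernel whether it supports revision @revision of extension
 * @name, using getsockopt() option @opt on a raw socket.
 *
 * Returns 1 if supported (or if this cannot be determined because the
 * socket could not be opened with EPERM - the check fails open for
 * unprivileged callers), 0 if not supported. Unexpected socket, fcntl or
 * getsockopt errors terminate the process with status 1.
 */
static int compatible_revision(const char *name, u_int8_t revision, int opt)
{
	struct xt_get_revision rev;
	socklen_t s = sizeof(rev);
	size_t namelen;
	int max_rev, sockfd;

	sockfd = socket(afinfo.family, SOCK_RAW, IPPROTO_RAW);
	if (sockfd < 0) {
		if (errno == EPERM) {
			/* revision 0 is always supported. */
			if (revision != 0)
				fprintf(stderr, "Could not determine whether "
						"revision %u is supported, "
						"assuming it is.\n",
					revision);
			return 1;
		}
		fprintf(stderr, "Could not open socket to kernel: %s\n",
			strerror(errno));
		exit(1);
	}

	/*
	 * load_xtables_ko() forks and executes the module loader while this
	 * socket is open. Mark it close-on-exec so the privileged raw socket
	 * is not inherited by that child process.
	 */
	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
		fprintf(stderr, "Could not set close on exec: %s\n",
			strerror(errno));
		exit(1);
	}

	load_xtables_ko(modprobe, 1);

	/*
	 * Bound the copy by the destination instead of trusting every caller
	 * to have checked the length. A name that does not fit in the
	 * request cannot be queried, so report it as unsupported.
	 */
	namelen = strlen(name);
	if (namelen >= sizeof(rev.name)) {
		close(sockfd);
		return 0;
	}
	memset(&rev, 0, sizeof(rev));
	memcpy(rev.name, name, namelen + 1);
	rev.revision = revision;

	max_rev = getsockopt(sockfd, afinfo.ipproto, opt, &rev, &s);
	if (max_rev < 0) {
		/* Definitely don't support this? */
		if (errno == ENOENT || errno == EPROTONOSUPPORT) {
			close(sockfd);
			return 0;
		} else if (errno == ENOPROTOOPT) {
			close(sockfd);
			/* Assume only revision 0 support (old kernel) */
			return (revision == 0);
		} else {
			fprintf(stderr, "getsockopt failed strangely: %s\n",
				strerror(errno));
			exit(1);
		}
	}
	close(sockfd);
	return 1;
}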
| 499 | |
| 500 | |
/*
 * Revision check for a match extension: compatible_revision() with the
 * address family's match-revision socket option (afinfo.so_rev_match).
 */
static int compatible_match_revision(const char *name, u_int8_t revision)
{
	const int sockopt = afinfo.so_rev_match;

	return compatible_revision(name, revision, sockopt);
}
| 505 | |
/*
 * Revision check for a target extension: compatible_revision() with the
 * address family's target-revision socket option (afinfo.so_rev_target).
 */
static int compatible_target_revision(const char *name, u_int8_t revision)
{
	const int sockopt = afinfo.so_rev_target;

	return compatible_revision(name, revision, sockopt);
}
| 510 | |
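/*
 * Register match extension @me in the xtables_matches list.
 *
 * The process exits with status 1 when @me was built for a different
 * program version, has a name too long for the kernel interface, has a
 * protocol family >= NPROTO, has a size that is not XT_ALIGN()ed, or
 * duplicates an already registered name/revision pair.
 *
 * Extensions for another address family are ignored. When a match of the
 * same name is already registered with a different revision, the one with
 * the higher kernel-supported revision is kept.
 *
 * NOTE(review): the unlink loop assumes the entry returned by
 * find_match() is on xtables_matches. find_match() returns an off-list
 * clone when the registered entry's ->m is set; confirm that cannot
 * happen during registration.
 */
void xtables_register_match(struct xtables_match *me)
{
	struct xtables_match **i, *old;

	if (strcmp(me->version, program_version) != 0) {
		fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
			program_name, me->name, me->version, program_version);
		exit(1);
	}

	/* Revision field stole a char from name. */
	if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) {
		/* This is a match; the message used to say "target". */
		fprintf(stderr, "%s: match `%s' has invalid name\n",
			program_name, me->name);
		exit(1);
	}

	if (me->family >= NPROTO) {
		fprintf(stderr,
			"%s: BUG: match %s has invalid protocol family\n",
			program_name, me->name);
		exit(1);
	}

	/* ignore not interested match */
	if (me->family != afinfo.family)
		return;

	old = find_match(me->name, DURING_LOAD, NULL);
	if (old) {
		if (old->revision == me->revision) {
			fprintf(stderr,
				"%s: match `%s' already registered.\n",
				program_name, me->name);
			exit(1);
		}

		/* Now we have two (or more) options, check compatibility. */
		if (compatible_match_revision(old->name, old->revision)
		    && old->revision > me->revision)
			return;

		/* Replace if compatible. */
		if (!compatible_match_revision(me->name, me->revision))
			return;

		/* Delete old one. */
		for (i = &xtables_matches; *i!=old; i = &(*i)->next);
		*i = old->next;
	}

	if (me->size != XT_ALIGN(me->size)) {
		fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
			program_name, me->name, (unsigned int)me->size);
		exit(1);
	}

	/* Append to list. */
	for (i = &xtables_matches; *i; i = &(*i)->next);
	me->next = NULL;
	*i = me;

	me->m = NULL;
	me->mflags = 0;
}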
| 576 | |
/*
 * Register target extension @me at the head of the xtables_targets list.
 *
 * The process exits with status 1 when @me was built for a different
 * program version, has a name too long for the kernel interface, has a
 * protocol family >= NPROTO, has a size that is not XT_ALIGN()ed, or
 * duplicates an already registered name/revision pair.
 *
 * Extensions for another address family are ignored. When a target of the
 * same name is already registered with a different revision, the one with
 * the higher kernel-supported revision is kept.
 */
void xtables_register_target(struct xtables_target *me)
{
	struct xtables_target *prev;

	/* Extension and program must come from the same release. */
	if (strcmp(me->version, program_version) != 0) {
		fprintf(stderr, "%s: target `%s' v%s (I'm v%s).\n",
			program_name, me->name, me->version, program_version);
		exit(1);
	}

	/* Revision field stole a char from name. */
	if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) {
		fprintf(stderr, "%s: target `%s' has invalid name\n",
			program_name, me->name);
		exit(1);
	}

	if (me->family >= NPROTO) {
		fprintf(stderr,
			"%s: BUG: target %s has invalid protocol family\n",
			program_name, me->name);
		exit(1);
	}

	/* Targets of other address families are of no interest here. */
	if (me->family != afinfo.family)
		return;

	prev = find_target(me->name, DURING_LOAD);
	if (prev != NULL) {
		struct xtables_target **link = &xtables_targets;

		if (prev->revision == me->revision) {
			fprintf(stderr,
				"%s: target `%s' already registered.\n",
				program_name, me->name);
			exit(1);
		}

		/* Keep the registered one if it is usable and newer. */
		if (compatible_target_revision(prev->name, prev->revision)
		    && prev->revision > me->revision)
			return;

		/* The newcomer replaces it only if the kernel supports it. */
		if (!compatible_target_revision(me->name, me->revision))
			return;

		/* Unlink the previously registered entry. */
		while (*link != prev)
			link = &(*link)->next;
		*link = prev->next;
	}

	if (me->size != XT_ALIGN(me->size)) {
		fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
			program_name, me->name, (unsigned int)me->size);
		exit(1);
	}

	/* Push onto the front of the list and reset per-use state. */
	me->next = xtables_targets;
	xtables_targets = me;
	me->t = NULL;
	me->tflags = 0;
}