Diffstat (limited to 'extensions/libipt_ah.c')
-rw-r--r-- | extensions/libipt_ah.c | 93 |
1 files changed, 36 insertions, 57 deletions
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c index e04bbe5..6ca13ea 100644 --- a/extensions/libipt_ah.c +++ b/extensions/libipt_ah.c @@ -5,23 +5,20 @@ #include <stdlib.h> #include <getopt.h> #include <errno.h> -#include <iptables.h> +#include <xtables.h> #include <linux/netfilter_ipv4/ipt_ah.h> - -/* Function which prints out usage message. */ -static void -help(void) + +static void ah_help(void) { printf( -"AH v%s options:\n" -" --ahspi [!] spi[:spi]\n" -" match spi (range)\n", -IPTABLES_VERSION); +"ah match options:\n" +"[!] --ahspi spi[:spi]\n" +" match spi (range)\n"); } -static struct option opts[] = { - { "ahspi", 1, 0, '1' }, - {0} +static const struct option ah_opts[] = { + { "ahspi", 1, NULL, '1' }, + { .name = NULL } }; static u_int32_t @@ -33,18 +30,18 @@ parse_ah_spi(const char *spistr) spi = strtoul(spistr,&ep,0) ; if ( spistr == ep ) { - exit_error(PARAMETER_PROBLEM, + xtables_error(PARAMETER_PROBLEM, "AH no valid digits in spi `%s'", spistr); } if ( spi == ULONG_MAX && errno == ERANGE ) { - exit_error(PARAMETER_PROBLEM, + xtables_error(PARAMETER_PROBLEM, "spi `%s' specified too big: would overflow", spistr); } if ( *spistr != '\0' && *ep != '\0' ) { - exit_error(PARAMETER_PROBLEM, + xtables_error(PARAMETER_PROBLEM, "AH error parsing spi `%s'", spistr); } - return (u_int32_t) spi; + return spi; } static void @@ -66,9 +63,7 @@ parse_ah_spis(const char *spistring, u_int32_t *spis) free(buffer); } -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) +static void ah_init(struct xt_entry_match *m) { struct ipt_ah *ahinfo = (struct ipt_ah *)m->data; 
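Review bot: In parse_ah_spi, `return spi;` now narrows the strtoul() result to u_int32_t implicitly, and the only range check above it is the `spi == ULONG_MAX && errno == ERANGE` test. Where unsigned long is 64 bits, an SPI above 0xFFFFFFFF passes that test and is silently truncated, so the installed rule would match a different SPI than the one the administrator typed. I would add `if (spi > 0xFFFFFFFFUL)` ahead of the return and report it through the same xtables_error(PARAMETER_PROBLEM, ...) path as the overflow branch. The declaration of spi and any `errno = 0` reset sit above the hunk, so the variable's type is inferred from the ULONG_MAX comparison.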
@@ -77,23 +72,18 @@ init(struct ipt_entry_match *m, unsigned int *nfcache) #define AH_SPI 0x01 -/* Function which parses command options; returns true if it - ate an option */ -static int -parse(int c, char **argv, int invert, unsigned int *flags, - const struct ipt_entry *entry, - unsigned int *nfcache, - struct ipt_entry_match **match) +static int ah_parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_match **match) { struct ipt_ah *ahinfo = (struct ipt_ah *)(*match)->data; switch (c) { case '1': if (*flags & AH_SPI) - exit_error(PARAMETER_PROBLEM, + xtables_error(PARAMETER_PROBLEM, "Only one `--ahspi' allowed"); - check_inverse(optarg, &invert, &optind, 0); - parse_ah_spis(argv[optind-1], ahinfo->spis); + xtables_check_inverse(optarg, &invert, &optind, 0, argv); + parse_ah_spis(optarg, ahinfo->spis); if (invert) ahinfo->invflags |= IPT_AH_INV_SPI; *flags |= AH_SPI; @@ -105,12 +95,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, return 1; } -/* Final check; we don't care. */ -static void -final_check(unsigned int flags) -{ -} - static void print_spis(const char *name, u_int32_t min, u_int32_t max, int invert) @@ -132,10 +116,8 @@ print_spis(const char *name, u_int32_t min, u_int32_t max, } } -/* Prints out the union ipt_matchinfo. */ -static void -print(const struct ipt_ip *ip, - const struct ipt_entry_match *match, int numeric) +static void ah_print(const void *ip, const struct xt_entry_match *match, + int numeric) { const struct ipt_ah *ah = (struct ipt_ah *)match->data; 
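Review bot: In the `case '1':` branch of ah_parse, parse_ah_spis() is now handed `optarg` instead of `argv[optind-1]`, but nothing checks that optarg is still non-NULL once xtables_check_inverse() has returned. That helper's body is not on this page; if it re-points optarg at the next argv entry when it consumes a standalone `!`, the literal 0 passed in the fourth position gives it no bound to check against, and `--ahspi !` at the end of the command line would reach parse_ah_spis() with NULL. A guard such as `if (optarg == NULL) xtables_error(PARAMETER_PROBLEM, "--ahspi requires an spi value");` before the call would turn that into a clean usage error. The switch statement continues past the end of the hunk.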
@@ -147,14 +129,13 @@ print(const struct ipt_ip *ip, ah->invflags & ~IPT_AH_INV_MASK); } -/* Saves the union ipt_matchinfo in parsable form to stdout. */ -static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) +static void ah_save(const void *ip, const struct xt_entry_match *match) { const struct ipt_ah *ahinfo = (struct ipt_ah *)match->data; if (!(ahinfo->spis[0] == 0 && ahinfo->spis[1] == 0xFFFFFFFF)) { - printf("--ahspi %s", + printf("%s--ahspi ", (ahinfo->invflags & IPT_AH_INV_SPI) ? "! " : ""); if (ahinfo->spis[0] != ahinfo->spis[1]) @@ -168,23 +149,21 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) } -static struct iptables_match ah = { - .next = NULL, +static struct xtables_match ah_mt_reg = { .name = "ah", - .version = IPTABLES_VERSION, - .size = IPT_ALIGN(sizeof(struct ipt_ah)), - .userspacesize = IPT_ALIGN(sizeof(struct ipt_ah)), - .help = &help, - .init = &init, - .parse = &parse, - .final_check = &final_check, - .print = &print, - .save = &save, - .extra_opts = opts + .version = XTABLES_VERSION, + .family = NFPROTO_IPV4, + .size = XT_ALIGN(sizeof(struct ipt_ah)), + .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)), + .help = ah_help, + .init = ah_init, + .parse = ah_parse, + .print = ah_print, + .save = ah_save, + .extra_opts = ah_opts, }; -void -ipt_ah_init(void) +void libipt_ah_init(void) { - register_match(&ah); + xtables_register_match(&ah_mt_reg); } |