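#include <getopt.h>
#include <libgen.h>
#include <netdb.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <xtables.h>
#include "xshared.h"

/*
 * Print out any special helps. A user might like to be able to add a --help
 * to the commandline, and see expected results. So we call help for all
 * specified matches and targets.
 *
 * @t: head of the target list; only entries with ->used set are printed.
 * @m: head of the rule-match list; every entry is printed.
 *
 * An extension without a help callback gets a one-line "does not take any
 * options" notice instead.
 */
void print_extension_helps(const struct xtables_target *t,
    const struct xtables_rule_match *m)
{
	for (; t != NULL; t = t->next) {
		if (t->used) {
			printf("\n");
			if (t->help == NULL)
				printf("%s does not take any options\n",
				       t->name);
			else
				t->help();
		}
	}
	for (; m != NULL; m = m->next) {
		printf("\n");
		if (m->match->help == NULL)
			printf("%s does not take any options\n",
			       m->match->name);
		else
			m->match->help();
	}
}

/*
 * Translate a protocol number into a protocol name.
 *
 * @proto:    layer-4 protocol number.
 * @nolookup: non-zero skips the getprotobynumber() database lookup.
 *
 * A non-zero @proto is first resolved through getprotobynumber() unless
 * @nolookup is set; if that yields nothing, the xtables_chain_protos table is
 * scanned. Returns NULL when neither source knows the number.
 *
 * The getprotobynumber() result may point into static storage that a later
 * getproto*() call overwrites, so callers should consume the name promptly.
 */
const char *
proto_to_name(uint8_t proto, int nolookup)
{
	unsigned int i;

	if (proto && !nolookup) {
		struct protoent *pent = getprotobynumber(proto);
		if (pent)
			return pent->p_name;
	}

	for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
		if (xtables_chain_protos[i].num == proto)
			return xtables_chain_protos[i].name;

	return NULL;
}

/*
 * Look up the match extension that belongs to a protocol specification.
 *
 * @pname:    protocol as given by the user, either a name or a number.
 * @tryload:  load policy passed straight to xtables_find_match().
 * @nolookup: forwarded to proto_to_name() for numeric protocols.
 * @matches:  rule-match list passed to xtables_find_match(); may be NULL.
 *
 * When xtables_strtoui() accepts @pname as a number in 0..UINT8_MAX, the
 * number is first translated to a name; a number without a known name yields
 * NULL. Anything else is treated as an extension name as-is.
 */
static struct xtables_match *
find_proto(const char *pname, enum xtables_tryload tryload,
	   int nolookup, struct xtables_rule_match **matches)
{
	unsigned int proto;

	if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) {
		const char *protoname = proto_to_name(proto, nolookup);

		if (protoname)
			return xtables_find_match(protoname, tryload, matches);
	} else
		return xtables_find_match(pname, tryload, matches);

	return NULL;
}

/*
 * Some explanations (after four different bugs in 3 different releases): If
 * we encounter a parameter, that has not been parsed yet, it's not an option
 * of an explicitly loaded match or a target. However, we support implicit
 * loading of the protocol match extension. '-p tcp' means 'l4 proto 6' and at
 * the same time 'load tcp protocol match on demand if we specify --dport'.
 *
 * To make this work, we need to make sure:
 *  - the parameter has not been parsed by a match (m above)
 *  - a protocol has been specified
 *  - the protocol extension has not been loaded yet, or is loaded and unused
 *    [think of ip6tables-restore!]
 *  - the protocol extension can be successfully loaded
 */
static bool should_load_proto(struct iptables_command_state *cs)
{
	if (cs->protocol == NULL)
		return false;
	/* XTF_DONT_LOAD: only ask whether the extension is already present. */
	if (find_proto(cs->protocol, XTF_DONT_LOAD,
	    cs->options & OPT_NUMERIC, NULL) == NULL)
		return true;
	return !cs->proto_used;
}

/*
 * Load the protocol match extension on demand.
 *
 * Returns the match found by find_proto() with XTF_TRY_LOAD, linked into
 * cs->matches, or NULL when should_load_proto() says no load is wanted or
 * the lookup fails.
 */
struct xtables_match *load_proto(struct iptables_command_state *cs)
{
	if (!should_load_proto(cs))
		return NULL;
	return find_proto(cs->protocol, XTF_TRY_LOAD,
			  cs->options & OPT_NUMERIC, &cs->matches);
}

/*
 * Handle an option that the core command-line parser did not recognise.
 *
 * @cs: parser state; cs->c holds the getopt return value being dispatched.
 * @gl: globals whose option table is extended when a protocol match loads.
 *
 * The option is offered, in order, to the selected target, to every
 * not-yet-completed match, and finally to an implicitly loaded protocol
 * match. Ownership is decided by the half-open range
 * [option_offset, option_offset + XT_OPTION_OFFSET_SCALE).
 *
 * Returns 0 when a target or match parser consumed the option, and 1 when a
 * protocol match was just loaded and getopt must be re-run on the same
 * argument. All other cases are reported through xtables_error(), which is
 * expected not to return.
 */
int command_default(struct iptables_command_state *cs,
		    struct xtables_globals *gl)
{
	struct xtables_rule_match *matchp;
	struct xtables_match *m;

	if (cs->target != NULL &&
	    (cs->target->parse != NULL || cs->target->x6_parse != NULL) &&
	    cs->c >= cs->target->option_offset &&
	    cs->c < cs->target->option_offset + XT_OPTION_OFFSET_SCALE) {
		xtables_option_tpcall(cs->c, cs->argv, cs->invert,
				      cs->target, &cs->fw);
		return 0;
	}

	for (matchp = cs->matches; matchp; matchp = matchp->next) {
		m = matchp->match;

		if (matchp->completed ||
		    (m->x6_parse == NULL && m->parse == NULL))
			continue;
		if (cs->c < matchp->match->option_offset ||
		    cs->c >= matchp->match->option_offset + XT_OPTION_OFFSET_SCALE)
			continue;
		xtables_option_mpcall(cs->c, cs->argv, cs->invert, m, &cs->fw);
		return 0;
	}

	/* Try loading protocol */
	m = load_proto(cs);
	if (m != NULL) {
		size_t size;
		int len;

		cs->proto_used = 1;

		size = XT_ALIGN(sizeof(struct ip6t_entry_match)) + m->size;

		m->m = xtables_calloc(1, size);
		/*
		 * NOTE(review): match_size looks narrower than size_t in the
		 * kernel header; confirm extension sizes cannot exceed it.
		 */
		m->m->u.match_size = size;
		/*
		 * Bounded copy: the destination is a fixed-size array inside
		 * the kernel match header. Extension registration presumably
		 * rejects over-long names already, but an unchecked strcpy()
		 * here would overflow the heap buffer if that ever failed.
		 * Fail closed rather than hand the kernel a truncated name.
		 */
		len = snprintf(m->m->u.user.name, sizeof(m->m->u.user.name),
			       "%s", m->name);
		if (len < 0 || (size_t)len >= sizeof(m->m->u.user.name))
			xtables_error(OTHER_PROBLEM,
				      "match name \"%s\" is too long", m->name);
		m->m->u.user.revision = m->revision;
		if (m->init != NULL)
			m->init(m->m);

		if (m->x6_options != NULL)
			gl->opts = xtables_options_xfrm(gl->orig_opts,
							gl->opts,
							m->x6_options,
							&m->option_offset);
		else
			gl->opts = xtables_merge_options(gl->orig_opts,
							 gl->opts,
							 m->extra_opts,
							 &m->option_offset);
		if (gl->opts == NULL)
			xtables_error(OTHER_PROBLEM, "can't alloc memory!");
		/* Step back so getopt sees the same argument again. */
		optind--;
		/* Indicate to rerun getopt *immediately* */
		return 1;
	}

	if (cs->c == ':')
		xtables_error(PARAMETER_PROBLEM, "option \"%s\" "
		              "requires an argument", cs->argv[optind-1]);
	if (cs->c == '?')
		xtables_error(PARAMETER_PROBLEM, "unknown option "
			      "\"%s\"", cs->argv[optind-1]);
	/*
	 * optarg may be NULL when the unclaimed option carried no argument;
	 * passing NULL for %s is undefined behaviour, so substitute a literal.
	 */
	xtables_error(PARAMETER_PROBLEM, "Unknown arg \"%s\"",
		      optarg != NULL ? optarg : "(null)");
	return 0;
}

/*
 * Find the entry point registered under @cmd in the NULL-name-terminated
 * table @cb. Returns NULL when no entry matches exactly.
 */
static mainfunc_t subcmd_get(const char *cmd, const struct subcommand *cb)
{
	for (; cb->name != NULL; ++cb)
		if (strcmp(cb->name, cmd) == 0)
			return cb->main;
	return NULL;
}

/*
 * Dispatch a multi-call binary to one of its subcommands.
 *
 * @argc, @argv: as received by main().
 * @cb:          NULL-name-terminated table of subcommand names and entry
 *               points.
 *
 * The basename of argv[0] is tried first; if it names no subcommand and a
 * further argument exists, that argument is tried and argc/argv are shifted
 * so the subcommand sees itself as argv[0]. Both strings are supplied by the
 * invoker, but they can only select an entry that is present in @cb.
 *
 * Returns the subcommand's return value. If nothing matches, the valid
 * names are listed on stderr and the process exits with EXIT_FAILURE.
 */
int subcmd_main(int argc, char **argv, const struct subcommand *cb)
{
	const char *cmd = basename(*argv);
	mainfunc_t f = subcmd_get(cmd, cb);

	if (f == NULL && argc > 1) {
		/*
		 * Unable to find a main method for our command name?
		 * Let's try again with the first argument!
		 */
		++argv;
		--argc;
		f = subcmd_get(*argv, cb);
	}

	/* now we should have a valid function pointer */
	if (f != NULL)
		return f(argc, argv);

	fprintf(stderr, "ERROR: No valid subcommand given.\nValid subcommands:\n");
	for (; cb->name != NULL; ++cb)
		fprintf(stderr, " * %s\n", cb->name);
	exit(EXIT_FAILURE);
}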