netfilter-devel.vger.kernel.org archive mirror
* iptables: accumulated bugfixes and annotations
@ 2011-01-08 15:20 Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 01/13] iptables-restore: resolve confusing policy error message Jan Engelhardt
                   ` (13 more replies)
  0 siblings, 14 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel


Hey Pablo,


could you please pull this while Patrick is away, so that users get a
chance to benefit from these accumulated bugfixes?

==
The following changes since commit 3a84b3d5de492e40aff7bae5038b06dd6b6041c4:

  Merge branch 'master' of git://dev.medozas.de/iptables (2010-12-15 23:36:19 +0100)

are available in the git repository at:

  git://dev.medozas.de/iptables master

Jan Engelhardt (11):
      src: const annotations
      xt_comment: remove redundant cast
      src: use C99/POSIX types
      iptables: abort on empty interface specification
      xtables: reorder num_old substraction for clarity
      ip[6]tables: only call match's parse function when option char is in range
      ip[6]tables: only call target's parse function when option char is in range
      extensions: remove no longer necessary default: cases
      libxt_sctp: fix a typo
      libipt_CLUSTERIP: const annotations
      libxtables: do some option structure checking

Rob Leslie (1):
      iptables-restore: resolve confusing policy error message

Stephen Beahm (1):
      libipt_REDIRECT: avoid dereference of uninitialized pointer

 extensions/libip6t_HL.c              |    4 --
 extensions/libip6t_LOG.c             |    5 +--
 extensions/libip6t_REJECT.c          |    3 --
 extensions/libip6t_ah.c              |   10 ++----
 extensions/libip6t_dst.c             |   12 +++----
 extensions/libip6t_frag.c            |    8 ++---
 extensions/libip6t_hbh.c             |   12 +++----
 extensions/libip6t_hl.c              |    4 +--
 extensions/libip6t_icmp6.c           |   13 +++-----
 extensions/libip6t_ipv6header.c      |   14 ++++-----
 extensions/libip6t_mh.c              |   13 +++-----
 extensions/libip6t_rt.c              |    8 ++---
 extensions/libipt_CLUSTERIP.c        |    8 ++---
 extensions/libipt_DNAT.c             |    4 +--
 extensions/libipt_ECN.c              |    2 -
 extensions/libipt_LOG.c              |    4 +--
 extensions/libipt_MASQUERADE.c       |    4 +--
 extensions/libipt_NETMAP.c           |   14 ++++-----
 extensions/libipt_REDIRECT.c         |    6 +--
 extensions/libipt_REJECT.c           |    2 -
 extensions/libipt_SAME.c             |    3 --
 extensions/libipt_SNAT.c             |    4 +--
 extensions/libipt_TTL.c              |    4 --
 extensions/libipt_ULOG.c             |    2 -
 extensions/libipt_addrtype.c         |   10 ++----
 extensions/libipt_ah.c               |    8 ++---
 extensions/libipt_ecn.c              |    2 -
 extensions/libipt_icmp.c             |   13 +++-----
 extensions/libipt_realm.c            |    3 --
 extensions/libipt_ttl.c              |    3 --
 extensions/libxt_CHECKSUM.c          |    2 -
 extensions/libxt_CLASSIFY.c          |    3 --
 extensions/libxt_CONNMARK.c          |    6 +--
 extensions/libxt_CONNSECMARK.c       |    3 --
 extensions/libxt_CT.c                |    2 -
 extensions/libxt_DSCP.c              |    5 +--
 extensions/libxt_IDLETIMER.c         |    3 --
 extensions/libxt_MARK.c              |   11 +-----
 extensions/libxt_NFLOG.c             |    2 -
 extensions/libxt_NFQUEUE.c           |    4 --
 extensions/libxt_RATEEST.c           |    3 --
 extensions/libxt_SECMARK.c           |    2 -
 extensions/libxt_SET.c               |    6 ----
 extensions/libxt_TCPMSS.c            |    3 --
 extensions/libxt_TOS.c               |    7 +---
 extensions/libxt_cluster.c           |    2 -
 extensions/libxt_comment.c           |    5 +--
 extensions/libxt_connbytes.c         |    2 -
 extensions/libxt_connlimit.c         |   10 ++----
 extensions/libxt_connmark.c          |    5 +--
 extensions/libxt_conntrack.c         |   10 +-----
 extensions/libxt_cpu.c               |    3 --
 extensions/libxt_dccp.c              |   18 +++++------
 extensions/libxt_dscp.c              |    3 --
 extensions/libxt_esp.c               |    8 ++---
 extensions/libxt_hashlimit.c         |   12 +++----
 extensions/libxt_helper.c            |    3 --
 extensions/libxt_iprange.c           |    7 +---
 extensions/libxt_ipvs.c              |    7 +----
 extensions/libxt_length.c            |    5 +--
 extensions/libxt_limit.c             |   13 +++-----
 extensions/libxt_mac.c               |    3 --
 extensions/libxt_mark.c              |    5 +--
 extensions/libxt_multiport.c         |   34 +++++++++------------
 extensions/libxt_osf.c               |    2 -
 extensions/libxt_owner.c             |   10 +++---
 extensions/libxt_physdev.c           |    3 --
 extensions/libxt_pkttype.c           |    3 --
 extensions/libxt_policy.c            |    6 +--
 extensions/libxt_quota.c             |    5 +--
 extensions/libxt_rateest.c           |    7 +---
 extensions/libxt_recent.c            |    3 --
 extensions/libxt_sctp.c              |   19 +++++-------
 extensions/libxt_set.c               |    6 ----
 extensions/libxt_state.c             |    3 --
 extensions/libxt_statistic.c         |    2 -
 extensions/libxt_string.c            |    3 --
 extensions/libxt_tcp.c               |   17 ++++------
 extensions/libxt_tcpmss.c            |    6 +--
 extensions/libxt_tos.c               |    4 +-
 extensions/libxt_u32.c               |    4 +-
 extensions/libxt_udp.c               |    9 ++----
 extensions/tos_values.c              |    2 +-
 include/linux/netfilter/xt_comment.h |    2 +-
 ip6tables-restore.c                  |    2 +-
 ip6tables.c                          |   54 +++++++++++++++++++++------------
 iptables-restore.c                   |    2 +-
 iptables.c                           |   50 ++++++++++++++++++++-----------
 libipq/libipq.c                      |    4 +-
 libiptc/libip4tc.c                   |    4 +-
 xshared.h                            |    4 ++
 xtables.c                            |   42 +++++++++++++++++++-------
 92 files changed, 262 insertions(+), 435 deletions(-)


* [PATCH 01/13] iptables-restore: resolve confusing policy error message
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 02/13] src: const annotations Jan Engelhardt
                   ` (12 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

From: Rob Leslie <rob@mars.org>

When iptables-restore (and ip6tables-restore) is unable to set a
chain's policy, it responds with a confusing message, e.g.:

iptables-restore v1.4.9: Can't set policy "PREROUTING" on "ACCEPT"
line 16: Bad built-in chain name

This is due to the chain and policy arguments being used in the wrong
order. The attached patch corrects this problem.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 ip6tables-restore.c |    2 +-
 iptables-restore.c  |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index 008566c..cea5f36 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -312,7 +312,7 @@ int main(int argc, char *argv[])
 					xtables_error(OTHER_PROBLEM,
 						"Can't set policy `%s'"
 						" on `%s' line %u: %s\n",
-						chain, policy, line,
+						policy, chain, line,
 						ip6tc_strerror(errno));
 			}
 
diff --git a/iptables-restore.c b/iptables-restore.c
index 8c6648e..bf80e78 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -317,7 +317,7 @@ main(int argc, char *argv[])
 					xtables_error(OTHER_PROBLEM,
 						"Can't set policy `%s'"
 						" on `%s' line %u: %s\n",
-						chain, policy, line,
+						policy, chain, line,
 						iptc_strerror(errno));
 			}
 
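Review bot: the identical xtables_error(OTHER_PROBLEM, "Can't set policy ...") call sits in both ip6tables-restore.c and iptables-restore.c, so the swapped `chain, policy` arguments had to be corrected twice. Both arguments are strings, so compiler format checking cannot flag this kind of mix-up; consider a small shared helper for the policy error so the two restore tools cannot drift apart again.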
-- 
1.7.1



* [PATCH 02/13] src: const annotations
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 01/13] iptables-restore: resolve confusing policy error message Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 03/13] xt_comment: remove redundant cast Jan Engelhardt
                   ` (11 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

Also one int -> uint here on the way through.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 ip6tables.c |   27 ++++++++++++++-------------
 iptables.c  |   25 +++++++++++++------------
 2 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/ip6tables.c b/ip6tables.c
index 9b1629e..0284791 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -160,7 +160,7 @@ struct xtables_globals ip6tables_globals = {
  *     optional
  */
 
-static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
+static const char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
 /* Well, it's better than "Re: Linux vs FreeBSD" */
 {
 	/*     -n  -s  -d  -p  -j  -v  -x  -i  -o --line -c */
@@ -180,7 +180,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
 /*LIST_RULES*/{'x','x','x','x','x',' ','x','x','x','x','x'}
 };
 
-static int inverse_for_options[NUMBER_OF_OPT] =
+static const unsigned int inverse_for_options[NUMBER_OF_OPT] =
 {
 /* -n */ 0,
 /* -s */ IP6T_INV_SRCIP,
@@ -201,7 +201,7 @@ static int inverse_for_options[NUMBER_OF_OPT] =
 /* A few hardcoded protocols for 'all' and in case the user has no
    /etc/protocols */
 struct pprot {
-	char *name;
+	const char *name;
 	u_int8_t num;
 };
 
@@ -211,7 +211,7 @@ proto_to_name(u_int8_t proto, int nolookup)
 	unsigned int i;
 
 	if (proto && !nolookup) {
-		struct protoent *pent = getprotobynumber(proto);
+		const struct protoent *pent = getprotobynumber(proto);
 		if (pent)
 			return pent->p_name;
 	}
@@ -235,7 +235,7 @@ exit_tryhelp(int status)
 }
 
 static void
-exit_printhelp(struct xtables_rule_match *matches)
+exit_printhelp(const struct xtables_rule_match *matches)
 {
 	printf("%s v%s\n\n"
 "Usage: %s -[AD] chain rule-specification [options]\n"
@@ -569,7 +569,7 @@ print_match(const struct ip6t_entry_match *m,
 	    const struct ip6t_ip6 *ip,
 	    int numeric)
 {
-	struct xtables_match *match =
+	const struct xtables_match *match =
 		xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);
 
 	if (match) {
@@ -593,7 +593,7 @@ print_firewall(const struct ip6t_entry *fw,
 	       unsigned int format,
 	       struct ip6tc_handle *const handle)
 {
-	struct xtables_target *target = NULL;
+	const struct xtables_target *target = NULL;
 	const struct ip6t_entry_target *t;
 	u_int8_t flags;
 	char buf[BUFSIZ];
@@ -804,12 +804,12 @@ insert_entry(const ip6t_chainlabel chain,
 }
 
 static unsigned char *
-make_delete_mask(struct xtables_rule_match *matches,
+make_delete_mask(const struct xtables_rule_match *matches,
 		 const struct xtables_target *target)
 {
 	/* Establish mask for comparison */
 	unsigned int size;
-	struct xtables_rule_match *matchp;
+	const struct xtables_rule_match *matchp;
 	unsigned char *mask, *mptr;
 
 	size = sizeof(struct ip6t_entry);
@@ -1035,7 +1035,7 @@ static void print_proto(u_int16_t proto, int invert)
 		unsigned int i;
 		const char *invertstr = invert ? "! " : "";
 
-		struct protoent *pent = getprotobynumber(proto);
+		const struct protoent *pent = getprotobynumber(proto);
 		if (pent) {
 			printf("%s-p %s ",
 			       invertstr, pent->p_name);
@@ -1056,7 +1056,7 @@ static void print_proto(u_int16_t proto, int invert)
 static int print_match_save(const struct ip6t_entry_match *e,
 			const struct ip6t_ip6 *ip)
 {
-	struct xtables_match *match =
+	const struct xtables_match *match =
 		xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
 
 	if (match) {
@@ -1077,7 +1077,8 @@ static int print_match_save(const struct ip6t_entry_match *e,
 }
 
 /* print a given ip including mask if neccessary */
-static void print_ip(char *prefix, const struct in6_addr *ip, const struct in6_addr *mask, int invert)
+static void print_ip(const char *prefix, const struct in6_addr *ip,
+		     const struct in6_addr *mask, int invert)
 {
 	char buf[51];
 	int l = ipv6_prefix_length(mask);
@@ -1101,7 +1102,7 @@ static void print_ip(char *prefix, const struct in6_addr *ip, const struct in6_a
 void print_rule(const struct ip6t_entry *e,
 		       struct ip6tc_handle *h, const char *chain, int counters)
 {
-	struct ip6t_entry_target *t;
+	const struct ip6t_entry_target *t;
 	const char *target_name;
 
 	/* print counters for iptables-save */
diff --git a/iptables.c b/iptables.c
index 1127bdd..342ea04 100644
--- a/iptables.c
+++ b/iptables.c
@@ -160,7 +160,7 @@ struct xtables_globals iptables_globals = {
  *     optional
  */
 
-static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
+static const char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
 /* Well, it's better than "Re: Linux vs FreeBSD" */
 {
 	/*     -n  -s  -d  -p  -j  -v  -x  -i  -o  -f --line -c */
@@ -180,7 +180,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
 /*LIST_RULES*/{'x','x','x','x','x',' ','x','x','x','x','x','x'}
 };
 
-static int inverse_for_options[NUMBER_OF_OPT] =
+static const int inverse_for_options[NUMBER_OF_OPT] =
 {
 /* -n */ 0,
 /* -s */ IPT_INV_SRCIP,
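Review bot: `inverse_for_options` stays `static const int` here, while the matching hunk in ip6tables.c changes it to `static const unsigned int`. The changelog mentions one int -> uint conversion, but both tables hold the same kind of inversion flags (`IPT_INV_SRCIP` / `IP6T_INV_SRCIP`), so they should share a type; suggest `static const unsigned int` in both files.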
@@ -248,7 +248,7 @@ exit_tryhelp(int status)
 }
 
 static void
-exit_printhelp(struct xtables_rule_match *matches)
+exit_printhelp(const struct xtables_rule_match *matches)
 {
 	printf("%s v%s\n\n"
 "Usage: %s -[AD] chain rule-specification [options]\n"
@@ -573,7 +573,7 @@ print_match(const struct ipt_entry_match *m,
 	    const struct ipt_ip *ip,
 	    int numeric)
 {
-	struct xtables_match *match =
+	const struct xtables_match *match =
 		xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);
 
 	if (match) {
@@ -597,7 +597,7 @@ print_firewall(const struct ipt_entry *fw,
 	       unsigned int format,
 	       struct iptc_handle *const handle)
 {
-	struct xtables_target *target = NULL;
+	const struct xtables_target *target = NULL;
 	const struct ipt_entry_target *t;
 	u_int8_t flags;
 	char buf[BUFSIZ];
@@ -806,12 +806,12 @@ insert_entry(const ipt_chainlabel chain,
 }
 
 static unsigned char *
-make_delete_mask(struct xtables_rule_match *matches,
+make_delete_mask(const struct xtables_rule_match *matches,
 		 const struct xtables_target *target)
 {
 	/* Establish mask for comparison */
 	unsigned int size;
-	struct xtables_rule_match *matchp;
+	const struct xtables_rule_match *matchp;
 	unsigned char *mask, *mptr;
 
 	size = sizeof(struct ipt_entry);
@@ -1008,7 +1008,7 @@ static void print_proto(u_int16_t proto, int invert)
 		unsigned int i;
 		const char *invertstr = invert ? "! " : "";
 
-		struct protoent *pent = getprotobynumber(proto);
+		const struct protoent *pent = getprotobynumber(proto);
 		if (pent) {
 			printf("%s-p %s ", invertstr, pent->p_name);
 			return;
@@ -1064,7 +1064,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
 static int print_match_save(const struct ipt_entry_match *e,
 			const struct ipt_ip *ip)
 {
-	struct xtables_match *match =
+	const struct xtables_match *match =
 		xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
 
 	if (match) {
@@ -1085,7 +1085,8 @@ static int print_match_save(const struct ipt_entry_match *e,
 }
 
 /* print a given ip including mask if neccessary */
-static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
+static void print_ip(const char *prefix, u_int32_t ip,
+		     u_int32_t mask, int invert)
 {
 	u_int32_t bits, hmask = ntohl(mask);
 	int i;
@@ -1118,7 +1119,7 @@ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
 void print_rule(const struct ipt_entry *e,
 		struct iptc_handle *h, const char *chain, int counters)
 {
-	struct ipt_entry_target *t;
+	const struct ipt_entry_target *t;
 	const char *target_name;
 
 	/* print counters for iptables-save */
@@ -1168,7 +1169,7 @@ void print_rule(const struct ipt_entry *e,
 	/* Print targinfo part */
 	t = ipt_get_target((struct ipt_entry *)e);
 	if (t->u.user.name[0]) {
-		struct xtables_target *target =
+		const struct xtables_target *target =
 			xtables_find_target(t->u.user.name, XTF_TRY_LOAD);
 
 		if (!target) {
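Review bot: in print_rule, `t = ipt_get_target((struct ipt_entry *)e);` still casts the const away from `e`, even though `t` is now declared `const struct ipt_entry_target *`. If ipt_get_target cannot take a const entry, a short comment saying so would help; otherwise the cast is worth removing in a follow-up so the const annotations are not undermined at this call.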
-- 
1.7.1



* [PATCH 03/13] xt_comment: remove redundant cast
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 01/13] iptables-restore: resolve confusing policy error message Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 02/13] src: const annotations Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 04/13] src: use C99/POSIX types Jan Engelhardt
                   ` (10 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

---
 extensions/libxt_comment.c           |    2 +-
 include/linux/netfilter/xt_comment.h |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index a9325a5..dba8bb2 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -86,7 +86,7 @@ comment_save(const void *ip, const struct xt_entry_match *match)
 
 	commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
 	printf("--comment ");
-	xtables_save_string((const char *)commentinfo->comment);
+	xtables_save_string(commentinfo->comment);
 }
 
 static struct xtables_match comment_match = {
diff --git a/include/linux/netfilter/xt_comment.h b/include/linux/netfilter/xt_comment.h
index eacfedc..0ea5e79 100644
--- a/include/linux/netfilter/xt_comment.h
+++ b/include/linux/netfilter/xt_comment.h
@@ -4,7 +4,7 @@
 #define XT_MAX_COMMENT_LEN 256
 
 struct xt_comment_info {
-	unsigned char comment[XT_MAX_COMMENT_LEN];
+	char comment[XT_MAX_COMMENT_LEN];
 };
 
 #endif /* XT_COMMENT_H */
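Review bot: `comment` changes from `unsigned char` to `char` in a header under include/linux/netfilter/, which is a copy of a kernel header, and the patch carries no changelog text or Signed-off-by to say why. Please state in the commit message whether the kernel-side struct xt_comment_info already uses `char`, so the userspace copy does not diverge from it. The cast removal in comment_save depends on this hunk and should stay in the same commit.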
-- 
1.7.1



* [PATCH 04/13] src: use C99/POSIX types
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (2 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 03/13] xt_comment: remove redundant cast Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 05/13] iptables: abort on empty interface specification Jan Engelhardt
                   ` (9 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

"u_int" was a non-standardized extension predating C99 on some platforms.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_LOG.c        |    2 +-
 extensions/libip6t_ah.c         |    8 ++++----
 extensions/libip6t_dst.c        |   10 +++++-----
 extensions/libip6t_frag.c       |    6 +++---
 extensions/libip6t_hbh.c        |   10 +++++-----
 extensions/libip6t_hl.c         |    2 +-
 extensions/libip6t_icmp6.c      |   10 +++++-----
 extensions/libip6t_ipv6header.c |   12 ++++++------
 extensions/libip6t_mh.c         |   10 +++++-----
 extensions/libip6t_rt.c         |    6 +++---
 extensions/libipt_CLUSTERIP.c   |    2 +-
 extensions/libipt_LOG.c         |    2 +-
 extensions/libipt_NETMAP.c      |   10 +++++-----
 extensions/libipt_addrtype.c    |    6 +++---
 extensions/libipt_ah.c          |    6 +++---
 extensions/libipt_icmp.c        |   10 +++++-----
 extensions/libxt_CONNMARK.c     |    4 ++--
 extensions/libxt_DSCP.c         |    2 +-
 extensions/libxt_MARK.c         |    4 ++--
 extensions/libxt_TOS.c          |    4 ++--
 extensions/libxt_connlimit.c    |    8 ++++----
 extensions/libxt_connmark.c     |    2 +-
 extensions/libxt_conntrack.c    |    4 ++--
 extensions/libxt_dccp.c         |   16 ++++++++--------
 extensions/libxt_esp.c          |    6 +++---
 extensions/libxt_hashlimit.c    |   10 +++++-----
 extensions/libxt_iprange.c      |    4 ++--
 extensions/libxt_ipvs.c         |    2 +-
 extensions/libxt_length.c       |    2 +-
 extensions/libxt_limit.c        |   10 +++++-----
 extensions/libxt_mark.c         |    2 +-
 extensions/libxt_multiport.c    |   28 ++++++++++++++--------------
 extensions/libxt_owner.c        |   10 +++++-----
 extensions/libxt_policy.c       |    4 ++--
 extensions/libxt_quota.c        |    2 +-
 extensions/libxt_rateest.c      |    4 ++--
 extensions/libxt_sctp.c         |   14 +++++++-------
 extensions/libxt_tcp.c          |   14 +++++++-------
 extensions/libxt_tcpmss.c       |    4 ++--
 extensions/libxt_tos.c          |    4 ++--
 extensions/libxt_u32.c          |    4 ++--
 extensions/libxt_udp.c          |    6 +++---
 extensions/tos_values.c         |    2 +-
 ip6tables.c                     |   14 +++++++-------
 iptables.c                      |   16 ++++++++--------
 libipq/libipq.c                 |    4 ++--
 libiptc/libip4tc.c              |    4 ++--
 xtables.c                       |   10 +++++-----
 48 files changed, 168 insertions(+), 168 deletions(-)

diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index 727ce6a..bb85acb 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -66,7 +66,7 @@ static const struct ip6t_log_names ip6t_log_names[]
     { .name = "warning", .level = LOG_WARNING }
 };
 
-static u_int8_t
+static uint8_t
 parse_level(const char *level)
 {
 	unsigned int lev = -1;
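Review bot: `uint8_t` needs <stdint.h> (or <inttypes.h>), and the diffstat shows this file changing a single line, so no include is added alongside the new return type of parse_level. Please confirm that every file touched by this patch gets <stdint.h> through a common header, or add the include explicitly, so the build does not depend on <sys/types.h> side effects.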
diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c
index 41c5385..fc17429 100644
--- a/extensions/libip6t_ah.c
+++ b/extensions/libip6t_ah.c
@@ -25,7 +25,7 @@ static const struct option ah_opts[] = {
 	XT_GETOPT_TABLEEND,
 };
 
-static u_int32_t
+static uint32_t
 parse_ah_spi(const char *spistr, const char *typestr)
 {
 	unsigned long int spi;
@@ -50,7 +50,7 @@ parse_ah_spi(const char *spistr, const char *typestr)
 }
 
 static void
-parse_ah_spis(const char *spistring, u_int32_t *spis)
+parse_ah_spis(const char *spistring, uint32_t *spis)
 {
 	char *buffer;
 	char *cp;
@@ -118,7 +118,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
 }
 
 static void
-print_spis(const char *name, u_int32_t min, u_int32_t max,
+print_spis(const char *name, uint32_t min, uint32_t max,
 	    int invert)
 {
 	const char *inv = invert ? "!" : "";
@@ -132,7 +132,7 @@ print_spis(const char *name, u_int32_t min, u_int32_t max,
 }
 
 static void
-print_len(const char *name, u_int32_t len, int invert)
+print_len(const char *name, uint32_t len, int invert)
 {
 	const char *inv = invert ? "!" : "";
 
diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c
index 9e4875e..f4036f0 100644
--- a/extensions/libip6t_dst.c
+++ b/extensions/libip6t_dst.c
@@ -29,7 +29,7 @@ static const struct option dst_opts[] = {
 	XT_GETOPT_TABLEEND,
 };
 
-static u_int32_t
+static uint32_t
 parse_opts_num(const char *idstr, const char *typestr)
 {
 	unsigned long int id;
@@ -54,7 +54,7 @@ parse_opts_num(const char *idstr, const char *typestr)
 }
 
 static int
-parse_options(const char *optsstr, u_int16_t *opts)
+parse_options(const char *optsstr, uint16_t *opts)
 {
         char *buffer, *cp, *next, *range;
         unsigned int i;
@@ -164,7 +164,7 @@ static int dst_parse(int c, char **argv, int invert, unsigned int *flags,
 }
 
 static void
-print_options(unsigned int optsnr, u_int16_t *optsp)
+print_options(unsigned int optsnr, uint16_t *optsp)
 {
 	unsigned int i;
 
@@ -192,7 +192,7 @@ static void dst_print(const void *ip, const struct xt_entry_match *match,
 	if (optinfo->flags & IP6T_OPTS_OPTS)
 		printf("opts ");
 
-	print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
+	print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
 
 	if (optinfo->flags & IP6T_OPTS_NSTRICT)
 		printf("not-strict ");
@@ -215,7 +215,7 @@ static void dst_save(const void *ip, const struct xt_entry_match *match)
 	if (optinfo->flags & IP6T_OPTS_OPTS)
 		printf("--dst-opts ");
 
-	print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
+	print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
 
 	if (optinfo->flags & IP6T_OPTS_NSTRICT)
 		printf("--dst-not-strict ");
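Review bot: the `(uint16_t *)optinfo->opts` cast is carried over in both dst_print and dst_save. If print_options only reads the array, declaring it as `print_options(unsigned int optsnr, const uint16_t *optsp)` would let the callers drop a cast that can hide a type or const mismatch. The same pattern appears in libip6t_hbh.c.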
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index dd23cda..fcaa72b 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -31,7 +31,7 @@ static const struct option frag_opts[] = {
 	XT_GETOPT_TABLEEND,
 };
 
-static u_int32_t
+static uint32_t
 parse_frag_id(const char *idstr, const char *typestr)
 {
 	unsigned long int id;
@@ -56,7 +56,7 @@ parse_frag_id(const char *idstr, const char *typestr)
 }
 
 static void
-parse_frag_ids(const char *idstring, u_int32_t *ids)
+parse_frag_ids(const char *idstring, uint32_t *ids)
 {
 	char *buffer;
 	char *cp;
@@ -149,7 +149,7 @@ static int frag_parse(int c, char **argv, int invert, unsigned int *flags,
 }
 
 static void
-print_ids(const char *name, u_int32_t min, u_int32_t max,
+print_ids(const char *name, uint32_t min, uint32_t max,
 	    int invert)
 {
 	const char *inv = invert ? "!" : "";
diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
index cddd615..b706f51 100644
--- a/extensions/libip6t_hbh.c
+++ b/extensions/libip6t_hbh.c
@@ -31,7 +31,7 @@ static const struct option hbh_opts[] = {
 	XT_GETOPT_TABLEEND,
 };
 
-static u_int32_t
+static uint32_t
 parse_opts_num(const char *idstr, const char *typestr)
 {
 	unsigned long int id;
@@ -56,7 +56,7 @@ parse_opts_num(const char *idstr, const char *typestr)
 }
 
 static int
-parse_options(const char *optsstr, u_int16_t *opts)
+parse_options(const char *optsstr, uint16_t *opts)
 {
         char *buffer, *cp, *next, *range;
         unsigned int i;
@@ -157,7 +157,7 @@ static int hbh_parse(int c, char **argv, int invert, unsigned int *flags,
 }
 
 static void
-print_options(unsigned int optsnr, u_int16_t *optsp)
+print_options(unsigned int optsnr, uint16_t *optsp)
 {
 	unsigned int i;
 
@@ -183,7 +183,7 @@ static void hbh_print(const void *ip, const struct xt_entry_match *match,
 		printf(" ");
 	}
 	if (optinfo->flags & IP6T_OPTS_OPTS) printf("opts ");
-	print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
+	print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
 	if (optinfo->flags & IP6T_OPTS_NSTRICT) printf("not-strict ");
 	if (optinfo->invflags & ~IP6T_OPTS_INV_MASK)
 		printf("Unknown invflags: 0x%X ",
@@ -202,7 +202,7 @@ static void hbh_save(const void *ip, const struct xt_entry_match *match)
 
 	if (optinfo->flags & IP6T_OPTS_OPTS)
 		printf("--hbh-opts ");
-	print_options(optinfo->optsnr, (u_int16_t *)optinfo->opts);
+	print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
 	if (optinfo->flags & IP6T_OPTS_NSTRICT)
 		printf("--hbh-not-strict ");
 }
diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c
index 6e58250..ce4392e 100644
--- a/extensions/libip6t_hl.c
+++ b/extensions/libip6t_hl.c
@@ -27,7 +27,7 @@ static int hl_parse(int c, char **argv, int invert, unsigned int *flags,
                     const void *entry, struct xt_entry_match **match)
 {
 	struct ip6t_hl_info *info = (struct ip6t_hl_info *) (*match)->data;
-	u_int8_t value;
+	uint8_t value;
 
 	xtables_check_inverse(optarg, &invert, &optind, 0, argv);
 	value = atoi(optarg);
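Review bot: in hl_parse, `value = atoi(optarg);` assigns an int to the `uint8_t value`, so a hop limit such as 256 or -1 is silently truncated and non-numeric input becomes 0. While touching the declaration, consider parsing with xtables_strtoui() and a 0..255 range, and reporting an error for anything else.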
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index b8a6ec9..2adba82 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -11,8 +11,8 @@
 
 struct icmpv6_names {
 	const char *name;
-	u_int8_t type;
-	u_int8_t code_min, code_max;
+	uint8_t type;
+	uint8_t code_min, code_max;
 };
 
 static const struct icmpv6_names icmpv6_codes[] = {
@@ -90,7 +90,7 @@ static const struct option icmp6_opts[] = {
 };
 
 static void
-parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[])
+parse_icmpv6(const char *icmpv6type, uint8_t *type, uint8_t code[])
 {
 	static const unsigned int limit = ARRAY_SIZE(icmpv6_codes);
 	unsigned int match = limit;
@@ -174,8 +174,8 @@ static int icmp6_parse(int c, char **argv, int invert, unsigned int *flags,
 	return 1;
 }
 
-static void print_icmpv6type(u_int8_t type,
-			   u_int8_t code_min, u_int8_t code_max,
+static void print_icmpv6type(uint8_t type,
+			   uint8_t code_min, uint8_t code_max,
 			   int invert,
 			   int numeric)
 {
diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index d6ce248..d4d64e0 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -26,12 +26,12 @@ on whether they contain certain headers */
  *    /etc/protocols */
 struct pprot {
 	char *name;
-	u_int8_t num;
+	uint8_t num;
 };
 
 struct numflag {
-	u_int8_t proto;
-	u_int8_t flag;
+	uint8_t proto;
+	uint8_t flag;
 };
 
 static const struct pprot chain_protos[] = {
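Review bot: `struct pprot` here keeps `char *name;`, and proto_to_name in this file still returns `static char *`, whereas patch 02 changed the same struct in ip6tables.c to `const char *name;`. Since chain_protos is declared `static const`, `const char *name` would be the consistent choice while these lines are being touched.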
@@ -68,7 +68,7 @@ static const struct numflag chain_flags[] = {
 };
 
 static char *
-proto_to_name(u_int8_t proto, int nolookup)
+proto_to_name(uint8_t proto, int nolookup)
 {
         unsigned int i;
 
@@ -85,7 +85,7 @@ proto_to_name(u_int8_t proto, int nolookup)
         return NULL;
 }
 
-static u_int16_t
+static uint16_t
 name_to_proto(const char *s)
 {
         unsigned int proto=0;
@@ -217,7 +217,7 @@ static void ipv6header_check(unsigned int flags)
 }
 
 static void
-print_header(u_int8_t flags){
+print_header(uint8_t flags){
         int have_flag = 0;
 
         while (flags) {
diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c
index 54dd8c6..16cc9ac 100644
--- a/extensions/libip6t_mh.c
+++ b/extensions/libip6t_mh.c
@@ -22,7 +22,7 @@
 
 struct mh_name {
 	const char *name;
-	u_int8_t type;
+	uint8_t type;
 };
 
 static const struct mh_name mh_names[] = {
@@ -100,7 +100,7 @@ static unsigned int name_to_type(const char *name)
 	}
 }
 
-static void parse_mh_types(const char *mhtype, u_int8_t *types)
+static void parse_mh_types(const char *mhtype, uint8_t *types)
 {
 	char *buffer;
 	char *cp;
@@ -148,7 +148,7 @@ static int mh_parse(int c, char **argv, int invert, unsigned int *flags,
 	return 1;
 }
 
-static const char *type_to_name(u_int8_t type)
+static const char *type_to_name(uint8_t type)
 {
 	unsigned int i;
 
@@ -159,7 +159,7 @@ static const char *type_to_name(u_int8_t type)
 	return NULL;
 }
 
-static void print_type(u_int8_t type, int numeric)
+static void print_type(uint8_t type, int numeric)
 {
 	const char *name;
 	if (numeric || !(name = type_to_name(type)))
@@ -168,7 +168,7 @@ static void print_type(u_int8_t type, int numeric)
 		printf("%s", name);
 }
 
-static void print_types(u_int8_t min, u_int8_t max, int invert, int numeric)
+static void print_types(uint8_t min, uint8_t max, int invert, int numeric)
 {
 	const char *inv = invert ? "!" : "";
 
diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index f1a50eb..ec0290c 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -38,7 +38,7 @@ static const struct option rt_opts[] = {
 	XT_GETOPT_TABLEEND,
 };
 
-static u_int32_t
+static uint32_t
 parse_rt_num(const char *idstr, const char *typestr)
 {
 	unsigned long int id;
@@ -63,7 +63,7 @@ parse_rt_num(const char *idstr, const char *typestr)
 }
 
 static void
-parse_rt_segsleft(const char *idstring, u_int32_t *ids)
+parse_rt_segsleft(const char *idstring, uint32_t *ids)
 {
 	char *buffer;
 	char *cp;
@@ -231,7 +231,7 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags,
 }
 
 static void
-print_nums(const char *name, u_int32_t min, u_int32_t max,
+print_nums(const char *name, uint32_t min, uint32_t max,
 	    int invert)
 {
 	const char *inv = invert ? "!" : "";
diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c
index 492eefc..d622e63 100644
--- a/extensions/libipt_CLUSTERIP.c
+++ b/extensions/libipt_CLUSTERIP.c
@@ -185,7 +185,7 @@ static char *hashmode2str(enum clusterip_hashmode mode)
 	return retstr;
 }
 
-static char *mac2str(const u_int8_t mac[ETH_ALEN])
+static char *mac2str(const uint8_t mac[ETH_ALEN])
 {
 	static char buf[ETH_ALEN*3];
 	sprintf(buf, "%02X:%02X:%02X:%02X:%02X:%02X",
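Review bot: mac2str() in this hunk formats into "static char buf[ETH_ALEN*3]"
with an unbounded sprintf() and hands the static buffer back as a writable
char *. The buffer is exactly large enough for the six "%02X" fields, five
colons and the terminator, so any later change to the format overruns it.
Since the signature is being touched anyway, consider
snprintf(buf, sizeof(buf), ...) and a const char * return type so callers
cannot scribble on the shared buffer.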
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index 0c41271..097aec8 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -66,7 +66,7 @@ static const struct ipt_log_names ipt_log_names[]
     { .name = "warning", .level = LOG_WARNING }
 };
 
-static u_int8_t
+static uint8_t
 parse_level(const char *level)
 {
 	unsigned int lev = -1;
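Review bot: parse_level() now returns uint8_t but its working variable is
"unsigned int lev = -1;", which relies on the implicit wrap to UINT_MAX as a
"not found" sentinel. Spelling it UINT_MAX would make the intent explicit,
and the body should reject anything above 255 before returning, because the
narrowing to uint8_t is otherwise silent.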
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index 09262ba..23731af 100644
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -25,10 +25,10 @@ static void NETMAP_help(void)
 	       NETMAP_opts[0].name);
 }
 
-static u_int32_t
+static uint32_t
 bits2netmask(int bits)
 {
-	u_int32_t netmask, bm;
+	uint32_t netmask, bm;
 
 	if (bits >= 32 || bits < 0)
 		return(~0);
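Review bot: in bits2netmask() the early exit "return(~0);" builds the value
from a signed int and depends on conversion to the new uint32_t return type;
UINT32_MAX (or ~(uint32_t)0) states the intent directly, and the parentheses
around the return value can go. The same condition also maps a negative
"bits" to an all-ones mask instead of reporting an error, which deserves a
comment if it is intended.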
@@ -38,9 +38,9 @@ bits2netmask(int bits)
 }
 
 static int
-netmask2bits(u_int32_t netmask)
+netmask2bits(uint32_t netmask)
 {
-	u_int32_t bm;
+	uint32_t bm;
 	int bits;
 
 	netmask = ntohl(netmask);
@@ -66,7 +66,7 @@ parse_to(char *arg, struct nf_nat_range *range)
 {
 	char *slash;
 	const struct in_addr *ip;
-	u_int32_t netmask;
+	uint32_t netmask;
 	unsigned int bits;
 
 	range->flags |= IP_NAT_RANGE_MAP_IPS;
diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index 9391b4e..8a64211 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -60,7 +60,7 @@ static void addrtype_help_v1(void)
 }
 
 static int
-parse_type(const char *name, size_t len, u_int16_t *mask)
+parse_type(const char *name, size_t len, uint16_t *mask)
 {
 	int i;
 
@@ -74,7 +74,7 @@ parse_type(const char *name, size_t len, u_int16_t *mask)
 	return 0;
 }
 
-static void parse_types(const char *arg, u_int16_t *mask)
+static void parse_types(const char *arg, uint16_t *mask)
 {
 	const char *comma;
 
@@ -197,7 +197,7 @@ static void addrtype_check_v1(unsigned int flags)
 			   "and --limit-iface-out");
 }
 
-static void print_types(u_int16_t mask)
+static void print_types(uint16_t mask)
 {
 	const char *sep = "";
 	int i;
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index 58ed6d1..3369c66 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -22,7 +22,7 @@ static const struct option ah_opts[] = {
 	XT_GETOPT_TABLEEND,
 };
 
-static u_int32_t
+static uint32_t
 parse_ah_spi(const char *spistr)
 {
 	unsigned long int spi;
@@ -46,7 +46,7 @@ parse_ah_spi(const char *spistr)
 }
 
 static void
-parse_ah_spis(const char *spistring, u_int32_t *spis)
+parse_ah_spis(const char *spistring, uint32_t *spis)
 {
 	char *buffer;
 	char *cp;
@@ -97,7 +97,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
 }
 
 static void
-print_spis(const char *name, u_int32_t min, u_int32_t max,
+print_spis(const char *name, uint32_t min, uint32_t max,
 	    int invert)
 {
 	const char *inv = invert ? "!" : "";
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index 28985b9..2204027 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -19,8 +19,8 @@
 
 struct icmp_names {
 	const char *name;
-	u_int8_t type;
-	u_int8_t code_min, code_max;
+	uint8_t type;
+	uint8_t code_min, code_max;
 };
 
 static const struct icmp_names icmp_codes[] = {
@@ -114,7 +114,7 @@ static const struct option icmp_opts[] = {
 };
 
 static void 
-parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[])
+parse_icmp(const char *icmptype, uint8_t *type, uint8_t code[])
 {
 	static const unsigned int limit = ARRAY_SIZE(icmp_codes);
 	unsigned int match = limit;
@@ -199,8 +199,8 @@ static int icmp_parse(int c, char **argv, int invert, unsigned int *flags,
 	return 1;
 }
 
-static void print_icmptype(u_int8_t type,
-			   u_int8_t code_min, u_int8_t code_max,
+static void print_icmptype(uint8_t type,
+			   uint8_t code_min, uint8_t code_max,
 			   int invert,
 			   int numeric)
 {
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 6772877..0d43a0d 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -32,7 +32,7 @@
 struct xt_connmark_target_info {
 	unsigned long mark;
 	unsigned long mask;
-	u_int8_t mode;
+	uint8_t mode;
 };
 
 enum {
@@ -314,7 +314,7 @@ connmark_tg_print(const void *ip, const struct xt_entry_target *target,
 	case XT_CONNMARK_SET:
 		if (info->ctmark == 0)
 			printf("CONNMARK and 0x%x ",
-			       (unsigned int)(u_int32_t)~info->ctmask);
+			       (unsigned int)(uint32_t)~info->ctmask);
 		else if (info->ctmark == info->ctmask)
 			printf("CONNMARK or 0x%x ", info->ctmark);
 		else if (info->ctmask == 0)
diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c
index 9a69824..a6280bf 100644
--- a/extensions/libxt_DSCP.c
+++ b/extensions/libxt_DSCP.c
@@ -108,7 +108,7 @@ static void DSCP_check(unsigned int flags)
 }
 
 static void
-print_dscp(u_int8_t dscp, int numeric)
+print_dscp(uint8_t dscp, int numeric)
 {
  	printf("0x%02x ", dscp);
 }
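Review bot: print_dscp() never uses its "numeric" parameter; the whole body
is the single printf() visible here. Either drop the parameter or mark it
unused. The printf() line is also indented with a space followed by a tab,
which could be cleaned up while the function is being touched.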
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index 39996d0..e33e0c3 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -23,7 +23,7 @@ enum {
 
 struct xt_mark_target_info_v1 {
 	unsigned long mark;
-	u_int8_t mode;
+	uint8_t mode;
 };
 
 enum {
@@ -259,7 +259,7 @@ static void mark_tg_print(const void *ip, const struct xt_entry_target *target,
 	const struct xt_mark_tginfo2 *info = (const void *)target->data;
 
 	if (info->mark == 0)
-		printf("MARK and 0x%x ", (unsigned int)(u_int32_t)~info->mask);
+		printf("MARK and 0x%x ", (unsigned int)(uint32_t)~info->mask);
 	else if (info->mark == info->mask)
 		printf("MARK or 0x%x ", info->mark);
 	else if (info->mask == 0)
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index 9575c05..6ad2216 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -16,7 +16,7 @@
 #include "tos_values.c"
 
 struct ipt_tos_target_info {
-	u_int8_t tos;
+	uint8_t tos;
 };
 
 enum {
@@ -185,7 +185,7 @@ static void tos_tg_print(const void *ip, const struct xt_entry_target *target,
 		return;
 	else if (info->tos_value == 0)
 		printf("TOS and 0x%02x ",
-		       (unsigned int)(u_int8_t)~info->tos_mask);
+		       (unsigned int)(uint8_t)~info->tos_mask);
 	else if (info->tos_value == info->tos_mask)
 		printf("TOS or 0x%02x ", info->tos_value);
 	else if (info->tos_mask == 0)
diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index b01d301..0cbcf01 100644
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -32,7 +32,7 @@ static void connlimit_init(struct xt_entry_match *match)
 	memset(info->v6_mask, 0xFF, sizeof(info->v6_mask));
 }
 
-static void prefix_to_netmask(u_int32_t *mask, unsigned int prefix_len)
+static void prefix_to_netmask(uint32_t *mask, unsigned int prefix_len)
 {
 	if (prefix_len == 0) {
 		mask[0] = mask[1] = mask[2] = mask[3] = 0;
@@ -124,7 +124,7 @@ static void connlimit_check(unsigned int flags)
 			"You must specify \"--connlimit-above\"");
 }
 
-static unsigned int count_bits4(u_int32_t mask)
+static unsigned int count_bits4(uint32_t mask)
 {
 	unsigned int bits = 0;
 
@@ -134,10 +134,10 @@ static unsigned int count_bits4(u_int32_t mask)
 	return 32 - bits;
 }
 
-static unsigned int count_bits6(const u_int32_t *mask)
+static unsigned int count_bits6(const uint32_t *mask)
 {
 	unsigned int bits = 0, i;
-	u_int32_t tmp[4];
+	uint32_t tmp[4];
 
 	for (i = 0; i < 4; ++i)
 		for (tmp[i] = ~ntohl(mask[i]); tmp[i] != 0; tmp[i] >>= 1)
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index 6bb2689..a953443 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -31,7 +31,7 @@
 
 struct xt_connmark_info {
 	unsigned long mark, mask;
-	u_int8_t invert;
+	uint8_t invert;
 };
 
 enum {
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index dd3fb6f..dcb1771 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -50,9 +50,9 @@ struct xt_conntrack_info {
 	unsigned long expires_min, expires_max;
 
 	/* Flags word */
-	u_int8_t flags;
+	uint8_t flags;
 	/* Inverse flags */
-	u_int8_t invflags;
+	uint8_t invflags;
 };
 
 static void conntrack_mt_help(void)
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 104f46f..84f1536 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -55,7 +55,7 @@ static const struct option dccp_opts[] = {
 
 static void
 parse_dccp_ports(const char *portstring, 
-		 u_int16_t *ports)
+		 uint16_t *ports)
 {
 	char *buffer;
 	char *cp;
@@ -93,10 +93,10 @@ static const char *const dccp_pkt_types[] = {
 	[DCCP_PKT_INVALID]	= "INVALID",
 };
 
-static u_int16_t
+static uint16_t
 parse_dccp_types(const char *typestring)
 {
-	u_int16_t typemask = 0;
+	uint16_t typemask = 0;
 	char *ptr, *buffer;
 
 	buffer = strdup(typestring);
@@ -117,7 +117,7 @@ parse_dccp_types(const char *typestring)
 	return typemask;
 }
 
-static u_int8_t parse_dccp_option(char *optstring)
+static uint8_t parse_dccp_option(char *optstring)
 {
 	unsigned int ret;
 
@@ -201,7 +201,7 @@ port_to_service(int port)
 }
 
 static void
-print_port(u_int16_t port, int numeric)
+print_port(uint16_t port, int numeric)
 {
 	char *service;
 
@@ -212,7 +212,7 @@ print_port(u_int16_t port, int numeric)
 }
 
 static void
-print_ports(const char *name, u_int16_t min, u_int16_t max,
+print_ports(const char *name, uint16_t min, uint16_t max,
 	    int invert, int numeric)
 {
 	const char *inv = invert ? "!" : "";
@@ -233,7 +233,7 @@ print_ports(const char *name, u_int16_t min, u_int16_t max,
 }
 
 static void
-print_types(u_int16_t types, int inverted, int numeric)
+print_types(uint16_t types, int inverted, int numeric)
 {
 	int have_type = 0;
 
@@ -260,7 +260,7 @@ print_types(u_int16_t types, int inverted, int numeric)
 }
 
 static void
-print_option(u_int8_t option, int invert, int numeric)
+print_option(uint8_t option, int invert, int numeric)
 {
 	if (option || invert)
 		printf("option=%s%u ", invert ? "!" : "", option);
diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c
index 070a6a4..b95ae1c 100644
--- a/extensions/libxt_esp.c
+++ b/extensions/libxt_esp.c
@@ -24,7 +24,7 @@ static const struct option esp_opts[] = {
 	XT_GETOPT_TABLEEND,
 };
 
-static u_int32_t
+static uint32_t
 parse_esp_spi(const char *spistr)
 {
 	unsigned long int spi;
@@ -48,7 +48,7 @@ parse_esp_spi(const char *spistr)
 }
 
 static void
-parse_esp_spis(const char *spistring, u_int32_t *spis)
+parse_esp_spis(const char *spistring, uint32_t *spis)
 {
 	char *buffer;
 	char *cp;
@@ -103,7 +103,7 @@ esp_parse(int c, char **argv, int invert, unsigned int *flags,
 }
 
 static void
-print_spis(const char *name, u_int32_t min, u_int32_t max,
+print_spis(const char *name, uint32_t min, uint32_t max,
 	    int invert)
 {
 	const char *inv = invert ? "!" : "";
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index fbf19d2..b26628a 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -95,11 +95,11 @@ static const struct option hashlimit_mt_opts[] = {
 };
 
 static
-int parse_rate(const char *rate, u_int32_t *val)
+int parse_rate(const char *rate, uint32_t *val)
 {
 	const char *delim;
-	u_int32_t r;
-	u_int32_t mult = 1;  /* Seconds by default. */
+	uint32_t r;
+	uint32_t mult = 1;  /* Seconds by default. */
 
 	delim = strchr(rate, '/');
 	if (delim) {
@@ -475,13 +475,13 @@ static void hashlimit_mt_check(unsigned int flags)
 static const struct rates
 {
 	const char *name;
-	u_int32_t mult;
+	uint32_t mult;
 } rates[] = { { "day", XT_HASHLIMIT_SCALE*24*60*60 },
 	      { "hour", XT_HASHLIMIT_SCALE*60*60 },
 	      { "min", XT_HASHLIMIT_SCALE*60 },
 	      { "sec", XT_HASHLIMIT_SCALE } };
 
-static void print_rate(u_int32_t period)
+static void print_rate(uint32_t period)
 {
 	unsigned int i;
 
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 6b511b5..6565d42 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -21,7 +21,7 @@ struct ipt_iprange_info {
 	struct ipt_iprange dst;
 
 	/* Flags from above */
-	u_int8_t flags;
+	uint8_t flags;
 };
 
 enum {
@@ -74,7 +74,7 @@ iprange_parse_spec(const char *from, const char *to, union nf_inet_addr *range,
 }
 
 static void iprange_parse_range(char *arg, union nf_inet_addr *range,
-				u_int8_t family, const char *optname)
+				uint8_t family, const char *optname)
 {
 	char *dash;
 
diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c
index 493d975..83de042 100644
--- a/extensions/libxt_ipvs.c
+++ b/extensions/libxt_ipvs.c
@@ -85,7 +85,7 @@ static int ipvs_mt_parse(int c, char **argv, int invert, unsigned int *flags,
 {
 	struct xt_ipvs_mtinfo *data = (void *)(*match)->data;
 	char *p = NULL;
-	u_int8_t op = 0;
+	uint8_t op = 0;
 
 	if ('0' <= c && c <= '6') {
 		static const int ops[] = {
diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
index aeba52f..edcb6b5 100644
--- a/extensions/libxt_length.c
+++ b/extensions/libxt_length.c
@@ -22,7 +22,7 @@ static const struct option length_opts[] = {
 	XT_GETOPT_TABLEEND,
 };
 
-static u_int16_t
+static uint16_t
 parse_length(const char *s)
 {
 	unsigned int len;
diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
index 3f94e21..350cb24 100644
--- a/extensions/libxt_limit.c
+++ b/extensions/libxt_limit.c
@@ -35,11 +35,11 @@ static const struct option limit_opts[] = {
 };
 
 static
-int parse_rate(const char *rate, u_int32_t *val)
+int parse_rate(const char *rate, uint32_t *val)
 {
 	const char *delim;
-	u_int32_t r;
-	u_int32_t mult = 1;  /* Seconds by default. */
+	uint32_t r;
+	uint32_t mult = 1;  /* Seconds by default. */
 
 	delim = strchr(rate, '/');
 	if (delim) {
@@ -122,13 +122,13 @@ limit_parse(int c, char **argv, int invert, unsigned int *flags,
 static const struct rates
 {
 	const char *name;
-	u_int32_t mult;
+	uint32_t mult;
 } rates[] = { { "day", XT_LIMIT_SCALE*24*60*60 },
 	      { "hour", XT_LIMIT_SCALE*60*60 },
 	      { "min", XT_LIMIT_SCALE*60 },
 	      { "sec", XT_LIMIT_SCALE } };
 
-static void print_rate(u_int32_t period)
+static void print_rate(uint32_t period)
 {
 	unsigned int i;
 
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index a2bc4f8..d17a7b2 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -11,7 +11,7 @@
 
 struct xt_mark_info {
 	unsigned long mark, mask;
-	u_int8_t invert;
+	uint8_t invert;
 };
 
 enum {
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
index 5b823b6..9ed5931 100644
--- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c
@@ -54,7 +54,7 @@ static const struct option multiport_opts[] = {
 };
 
 static char *
-proto_to_name(u_int8_t proto)
+proto_to_name(uint8_t proto)
 {
 	switch (proto) {
 	case IPPROTO_TCP:
@@ -73,7 +73,7 @@ proto_to_name(u_int8_t proto)
 }
 
 static unsigned int
-parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto)
+parse_multi_ports(const char *portstring, uint16_t *ports, const char *proto)
 {
 	char *buffer, *cp, *next;
 	unsigned int i;
@@ -99,7 +99,7 @@ parse_multi_ports_v1(const char *portstring,
 {
 	char *buffer, *cp, *next, *range;
 	unsigned int i;
-	u_int16_t m;
+	uint16_t m;
 
 	buffer = strdup(portstring);
 	if (!buffer) xtables_error(OTHER_PROBLEM, "strdup failed");
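Review bot: style point on the last context line of this hunk in
parse_multi_ports_v1(): "if (!buffer) xtables_error(OTHER_PROBLEM, ...);"
keeps the condition and the call on one line, which hides the error path
when reading or stepping through the function. Putting the xtables_error()
call on its own indented line would match the rest of the file.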
@@ -133,7 +133,7 @@ parse_multi_ports_v1(const char *portstring,
 }
 
 static const char *
-check_proto(u_int16_t pnum, u_int8_t invflags)
+check_proto(uint16_t pnum, uint8_t invflags)
 {
 	char *proto;
 
@@ -156,8 +156,8 @@ check_proto(u_int16_t pnum, u_int8_t invflags)
    ate an option */
 static int
 __multiport_parse(int c, char **argv, int invert, unsigned int *flags,
-                  struct xt_entry_match **match, u_int16_t pnum,
-                  u_int8_t invflags)
+                  struct xt_entry_match **match, uint16_t pnum,
+                  uint8_t invflags)
 {
 	const char *proto;
 	struct xt_multiport *multiinfo
@@ -223,8 +223,8 @@ multiport_parse6(int c, char **argv, int invert, unsigned int *flags,
 
 static int
 __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
-                     struct xt_entry_match **match, u_int16_t pnum,
-                     u_int8_t invflags)
+                     struct xt_entry_match **match, uint16_t pnum,
+                     uint8_t invflags)
 {
 	const char *proto;
 	struct xt_multiport_v1 *multiinfo
@@ -292,7 +292,7 @@ static void multiport_check(unsigned int flags)
 }
 
 static char *
-port_to_service(int port, u_int8_t proto)
+port_to_service(int port, uint8_t proto)
 {
 	struct servent *service;
 
@@ -303,7 +303,7 @@ port_to_service(int port, u_int8_t proto)
 }
 
 static void
-print_port(u_int16_t port, u_int8_t protocol, int numeric)
+print_port(uint16_t port, uint8_t protocol, int numeric)
 {
 	char *service;
 
@@ -316,7 +316,7 @@ print_port(u_int16_t port, u_int8_t protocol, int numeric)
 /* Prints out the matchinfo. */
 static void
 __multiport_print(const struct xt_entry_match *match, int numeric,
-                  u_int16_t proto)
+                  uint16_t proto)
 {
 	const struct xt_multiport *multiinfo
 		= (const struct xt_multiport *)match->data;
@@ -364,7 +364,7 @@ static void multiport_print6(const void *ip_void,
 }
 
 static void __multiport_print_v1(const struct xt_entry_match *match,
-                                 int numeric, u_int16_t proto)
+                                 int numeric, uint16_t proto)
 {
 	const struct xt_multiport_v1 *multiinfo
 		= (const struct xt_multiport_v1 *)match->data;
@@ -420,7 +420,7 @@ static void multiport_print6_v1(const void *ip_void,
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void __multiport_save(const struct xt_entry_match *match,
-                             u_int16_t proto)
+                             uint16_t proto)
 {
 	const struct xt_multiport *multiinfo
 		= (const struct xt_multiport *)match->data;
@@ -462,7 +462,7 @@ static void multiport_save6(const void *ip_void,
 }
 
 static void __multiport_save_v1(const struct xt_entry_match *match,
-                                u_int16_t proto)
+                                uint16_t proto)
 {
 	const struct xt_multiport_v1 *multiinfo
 		= (const struct xt_multiport_v1 *)match->data;
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index 867ed49..b9b1104 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -37,7 +37,7 @@ struct ipt_owner_info {
 	pid_t pid;
 	pid_t sid;
 	char comm[16];
-	u_int8_t match, invert;	/* flags */
+	uint8_t match, invert;	/* flags */
 };
 
 struct ip6t_owner_info {
@@ -46,7 +46,7 @@ struct ip6t_owner_info {
 	pid_t pid;
 	pid_t sid;
 	char comm[16];
-	u_int8_t match, invert;	/* flags */
+	uint8_t match, invert;	/* flags */
 };
 
 /*
@@ -353,7 +353,7 @@ static void owner_mt_check(unsigned int flags)
 
 static void
 owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
-                       u_int8_t flag, bool numeric)
+                       uint8_t flag, bool numeric)
 {
 	if (!(info->match & flag))
 		return;
@@ -404,7 +404,7 @@ owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
 
 static void
 owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
-                        u_int8_t flag, bool numeric)
+                        uint8_t flag, bool numeric)
 {
 	if (!(info->match & flag))
 		return;
@@ -449,7 +449,7 @@ owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
 
 static void
 owner_mt_print_item(const struct xt_owner_match_info *info, const char *label,
-                    u_int8_t flag, bool numeric)
+                    uint8_t flag, bool numeric)
 {
 	if (!(info->match & flag))
 		return;
diff --git a/extensions/libxt_policy.c b/extensions/libxt_policy.c
index 3ddb3ec..3fea146 100644
--- a/extensions/libxt_policy.c
+++ b/extensions/libxt_policy.c
@@ -330,7 +330,7 @@ static void policy_check(unsigned int flags)
 	}
 }
 
-static void print_mode(const char *prefix, u_int8_t mode, int numeric)
+static void print_mode(const char *prefix, uint8_t mode, int numeric)
 {
 	printf("%smode ", prefix);
 
@@ -347,7 +347,7 @@ static void print_mode(const char *prefix, u_int8_t mode, int numeric)
 	}
 }
 
-static void print_proto(const char *prefix, u_int8_t proto, int numeric)
+static void print_proto(const char *prefix, uint8_t proto, int numeric)
 {
 	struct protoent *p = NULL;
 
diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c
index cfd975d..9a88cba 100644
--- a/extensions/libxt_quota.c
+++ b/extensions/libxt_quota.c
@@ -39,7 +39,7 @@ quota_save(const void *ip, const struct xt_entry_match *match)
 
 /* parse quota option */
 static int
-parse_quota(const char *s, u_int64_t * quota)
+parse_quota(const char *s, uint64_t * quota)
 {
 	*quota = strtoull(s, NULL, 10);
 
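Review bot: parse_quota() calls strtoull(s, NULL, 10) and stores the result
straight into *quota. With a NULL end pointer the function cannot tell
"123abc" or an empty string from a valid number, and nothing visible here
resets and checks errno for ERANGE, so an overlong value can silently become
ULLONG_MAX. Passing an end pointer and rejecting trailing characters would
close that gap. Minor style: "uint64_t * quota" should be "uint64_t *quota".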
diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c
index 6aefb5c..3809fe7 100644
--- a/extensions/libxt_rateest.c
+++ b/extensions/libxt_rateest.c
@@ -84,7 +84,7 @@ static const struct rate_suffix {
 };
 
 static int
-rateest_get_rate(u_int32_t *rate, const char *str)
+rateest_get_rate(uint32_t *rate, const char *str)
 {
 	char *p;
 	double bps = strtod(str, &p);
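Review bot: rateest_get_rate() parses into "double bps" with strtod() and
delivers the result through the uint32_t *rate out-parameter. Converting a
double that is negative, NaN or larger than UINT32_MAX to an unsigned
integer type is undefined behaviour in C, so the function should range-check
bps (after applying any suffix multiplier) before the store, if it does not
already do so below this hunk.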
@@ -318,7 +318,7 @@ rateest_final_check(unsigned int flags)
 }
 
 static void
-rateest_print_rate(u_int32_t rate, int numeric)
+rateest_print_rate(uint32_t rate, int numeric)
 {
 	double tmp = (double)rate*8;
 
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index 80406f7..fe010aa 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -28,7 +28,7 @@
 #endif
 
 static void
-print_chunk(u_int32_t chunknum, int numeric);
+print_chunk(uint32_t chunknum, int numeric);
 
 static void sctp_init(struct xt_entry_match *m)
 {
@@ -66,7 +66,7 @@ static const struct option sctp_opts[] = {
 
 static void
 parse_sctp_ports(const char *portstring, 
-		 u_int16_t *ports)
+		 uint16_t *ports)
 {
 	char *buffer;
 	char *cp;
@@ -315,7 +315,7 @@ port_to_service(int port)
 }
 
 static void
-print_port(u_int16_t port, int numeric)
+print_port(uint16_t port, int numeric)
 {
 	char *service;
 
@@ -326,7 +326,7 @@ print_port(u_int16_t port, int numeric)
 }
 
 static void
-print_ports(const char *name, u_int16_t min, u_int16_t max,
+print_ports(const char *name, uint16_t min, uint16_t max,
 	    int invert, int numeric)
 {
 	const char *inv = invert ? "!" : "";
@@ -347,7 +347,7 @@ print_ports(const char *name, u_int16_t min, u_int16_t max,
 }
 
 static void
-print_chunk_flags(u_int32_t chunknum, u_int8_t chunk_flags, u_int8_t chunk_flags_mask)
+print_chunk_flags(uint32_t chunknum, uint8_t chunk_flags, uint8_t chunk_flags_mask)
 {
 	int i;
 
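Review bot: style point on the changed print_chunk_flags() prototype: with
the shorter type names the line is still over 80 columns. Wrapping after the
second parameter, as the print_ports() prototypes in this file do, would
keep it within the limit.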
@@ -370,7 +370,7 @@ print_chunk_flags(u_int32_t chunknum, u_int8_t chunk_flags, u_int8_t chunk_flags
 }
 
 static void
-print_chunk(u_int32_t chunknum, int numeric)
+print_chunk(uint32_t chunknum, int numeric)
 {
 	if (numeric) {
 		printf("0x%04X", chunknum);
@@ -387,7 +387,7 @@ print_chunk(u_int32_t chunknum, int numeric)
 static void
 print_chunks(const struct xt_sctp_info *einfo, int numeric)
 {
-	u_int32_t chunk_match_type = einfo->chunk_match_type;
+	uint32_t chunk_match_type = einfo->chunk_match_type;
 	const struct xt_sctp_flag_info *flag_info = einfo->flag_info;
 	int flag_count = einfo->flag_count;
 	int i, j;
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 26e533c..df5077f 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -38,7 +38,7 @@ static const struct option tcp_opts[] = {
 };
 
 static void
-parse_tcp_ports(const char *portstring, u_int16_t *ports)
+parse_tcp_ports(const char *portstring, uint16_t *ports)
 {
 	char *buffer;
 	char *cp;
@@ -115,7 +115,7 @@ parse_tcp_flags(struct xt_tcp *tcpinfo,
 }
 
 static void
-parse_tcp_option(const char *option, u_int8_t *result)
+parse_tcp_option(const char *option, uint8_t *result)
 {
 	unsigned int ret;
 
@@ -223,7 +223,7 @@ port_to_service(int port)
 }
 
 static void
-print_port(u_int16_t port, int numeric)
+print_port(uint16_t port, int numeric)
 {
 	char *service;
 
@@ -234,7 +234,7 @@ print_port(u_int16_t port, int numeric)
 }
 
 static void
-print_ports(const char *name, u_int16_t min, u_int16_t max,
+print_ports(const char *name, uint16_t min, uint16_t max,
 	    int invert, int numeric)
 {
 	const char *inv = invert ? "!" : "";
@@ -255,14 +255,14 @@ print_ports(const char *name, u_int16_t min, u_int16_t max,
 }
 
 static void
-print_option(u_int8_t option, int invert, int numeric)
+print_option(uint8_t option, int invert, int numeric)
 {
 	if (option || invert)
 		printf("option=%s%u ", invert ? "!" : "", option);
 }
 
 static void
-print_tcpf(u_int8_t flags)
+print_tcpf(uint8_t flags)
 {
 	int have_flag = 0;
 
@@ -284,7 +284,7 @@ print_tcpf(u_int8_t flags)
 }
 
 static void
-print_flags(u_int8_t mask, u_int8_t cmp, int invert, int numeric)
+print_flags(uint8_t mask, uint8_t cmp, int invert, int numeric)
 {
 	if (mask || invert) {
 		printf("flags:%s", invert ? "!" : "");
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index 110c60d..8dfbb14 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -22,7 +22,7 @@ static const struct option tcpmss_opts[] = {
 	XT_GETOPT_TABLEEND,
 };
 
-static u_int16_t
+static uint16_t
 parse_tcp_mssvalue(const char *mssvalue)
 {
 	unsigned int mssvaluenum;
@@ -36,7 +36,7 @@ parse_tcp_mssvalue(const char *mssvalue)
 
 static void
 parse_tcp_mssvalues(const char *mssvaluestring,
-		    u_int16_t *mss_min, u_int16_t *mss_max)
+		    uint16_t *mss_min, uint16_t *mss_max)
 {
 	char *buffer;
 	char *cp;
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index f78594a..435f68e 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -16,8 +16,8 @@
 #include "tos_values.c"
 
 struct ipt_tos_info {
-	u_int8_t tos;
-	u_int8_t invert;
+	uint8_t tos;
+	uint8_t invert;
 };
 
 enum {
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 67e6068..054a5b2 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -85,9 +85,9 @@ static void u32_dump(const struct xt_u32 *data)
 }
 
 /* string_to_number() is not quite what we need here ... */
-static u_int32_t parse_number(char **s, int pos)
+static uint32_t parse_number(char **s, int pos)
 {
-	u_int32_t number;
+	uint32_t number;
 	char *end;
 
 	errno  = 0;
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index 3006c04..70e939d 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -30,7 +30,7 @@ static const struct option udp_opts[] = {
 };
 
 static void
-parse_udp_ports(const char *portstring, u_int16_t *ports)
+parse_udp_ports(const char *portstring, uint16_t *ports)
 {
 	char *buffer;
 	char *cp;
@@ -110,7 +110,7 @@ port_to_service(int port)
 }
 
 static void
-print_port(u_int16_t port, int numeric)
+print_port(uint16_t port, int numeric)
 {
 	char *service;
 
@@ -121,7 +121,7 @@ print_port(u_int16_t port, int numeric)
 }
 
 static void
-print_ports(const char *name, u_int16_t min, u_int16_t max,
+print_ports(const char *name, uint16_t min, uint16_t max,
 	    int invert, int numeric)
 {
 	const char *inv = invert ? "!" : "";
diff --git a/extensions/tos_values.c b/extensions/tos_values.c
index a65ef25..129203b 100644
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -82,7 +82,7 @@ static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
 }
 
 static bool tos_try_print_symbolic(const char *prefix,
-    u_int8_t value, u_int8_t mask)
+    uint8_t value, uint8_t mask)
 {
 	const struct tos_symbol_info *symbol;
 
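Review bot: tos_values.c is not compiled on its own; libxt_TOS.c and
libxt_tos.c pull it in with #include "tos_values.c". The uint8_t in
tos_try_print_symbolic() therefore depends on every includer having
<stdint.h> in scope before that #include line, where u_int8_t came from
<sys/types.h>. Worth stating in the commit message which header guarantees
this, or adding the include to this file directly.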
diff --git a/ip6tables.c b/ip6tables.c
index 0284791..84908eb 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -202,11 +202,11 @@ static const unsigned int inverse_for_options[NUMBER_OF_OPT] =
    /etc/protocols */
 struct pprot {
 	const char *name;
-	u_int8_t num;
+	uint8_t num;
 };
 
 static const char *
-proto_to_name(u_int8_t proto, int nolookup)
+proto_to_name(uint8_t proto, int nolookup)
 {
 	unsigned int i;
 
@@ -425,7 +425,7 @@ find_proto(const char *pname, enum xtables_tryload tryload,
 }
 
 /* These are invalid numbers as upper layer protocol */
-static int is_exthdr(u_int16_t proto)
+static int is_exthdr(uint16_t proto)
 {
 	return (proto == IPPROTO_ROUTING ||
 		proto == IPPROTO_FRAGMENT ||
@@ -468,7 +468,7 @@ parse_target(const char *targetname)
 }
 
 static void
-set_option(unsigned int *options, unsigned int option, u_int8_t *invflg,
+set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
 	   int invert)
 {
 	if (*options & option)
@@ -489,7 +489,7 @@ set_option(unsigned int *options, unsigned int option, u_int8_t *invflg,
 }
 
 static void
-print_num(u_int64_t number, unsigned int format)
+print_num(uint64_t number, unsigned int format)
 {
 	if (format & FMT_KILOMEGAGIGA) {
 		if (number > 99999) {
@@ -595,7 +595,7 @@ print_firewall(const struct ip6t_entry *fw,
 {
 	const struct xtables_target *target = NULL;
 	const struct ip6t_entry_target *t;
-	u_int8_t flags;
+	uint8_t flags;
 	char buf[BUFSIZ];
 
 	if (!ip6tc_is_chain(targname, handle))
@@ -1029,7 +1029,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
 }
 
 /* The ip6tables looks up the /etc/protocols. */
-static void print_proto(u_int16_t proto, int invert)
+static void print_proto(uint16_t proto, int invert)
 {
 	if (proto) {
 		unsigned int i;
diff --git a/iptables.c b/iptables.c
index 342ea04..6549c1d 100644
--- a/iptables.c
+++ b/iptables.c
@@ -214,7 +214,7 @@ int kernel_version;
 #endif
 
 static const char *
-proto_to_name(u_int8_t proto, int nolookup)
+proto_to_name(uint8_t proto, int nolookup)
 {
 	unsigned int i;
 
@@ -472,7 +472,7 @@ parse_target(const char *targetname)
 }
 
 static void
-set_option(unsigned int *options, unsigned int option, u_int8_t *invflg,
+set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
 	   int invert)
 {
 	if (*options & option)
@@ -493,7 +493,7 @@ set_option(unsigned int *options, unsigned int option, u_int8_t *invflg,
 }
 
 static void
-print_num(u_int64_t number, unsigned int format)
+print_num(uint64_t number, unsigned int format)
 {
 	if (format & FMT_KILOMEGAGIGA) {
 		if (number > 99999) {
@@ -599,7 +599,7 @@ print_firewall(const struct ipt_entry *fw,
 {
 	const struct xtables_target *target = NULL;
 	const struct ipt_entry_target *t;
-	u_int8_t flags;
+	uint8_t flags;
 	char buf[BUFSIZ];
 
 	if (!iptc_is_chain(targname, handle))
@@ -1002,7 +1002,7 @@ list_entries(const ipt_chainlabel chain, int rulenum, int verbose, int numeric,
 	return found;
 }
 
-static void print_proto(u_int16_t proto, int invert)
+static void print_proto(uint16_t proto, int invert)
 {
 	if (proto) {
 		unsigned int i;
@@ -1085,10 +1085,10 @@ static int print_match_save(const struct ipt_entry_match *e,
 }
 
 /* print a given ip including mask if neccessary */
-static void print_ip(const char *prefix, u_int32_t ip,
-		     u_int32_t mask, int invert)
+static void print_ip(const char *prefix, uint32_t ip,
+		     uint32_t mask, int invert)
 {
-	u_int32_t bits, hmask = ntohl(mask);
+	uint32_t bits, hmask = ntohl(mask);
 	int i;
 
 	if (!mask && !ip && !invert)
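Review bot: documentation nit in print_ip(): the comment directly above the
changed prototype reads "including mask if neccessary". Since the function
header is being rewritten anyway, fix the spelling to "necessary" in the
same hunk.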
diff --git a/libipq/libipq.c b/libipq/libipq.c
index 620cc2d..e330487 100644
--- a/libipq/libipq.c
+++ b/libipq/libipq.c
@@ -206,7 +206,7 @@ static char *ipq_strerror(int errcode)
 /*
  * Create and initialise an ipq handle.
  */
-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol)
+struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol)
 {
 	int status;
 	struct ipq_handle *h;
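Review bot: ipq_create_handle() is an exported libipq entry point, not a
static helper like most functions touched by this patch. Its prototype in
the installed header has to change in the same commit, and that header then
needs <stdint.h>, otherwise programs building against libipq get a
declaration that uses a type the header never defines. The same applies to
ipq_set_mode() in the next hunk.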
@@ -267,7 +267,7 @@ int ipq_destroy_handle(struct ipq_handle *h)
 }
 
 int ipq_set_mode(const struct ipq_handle *h,
-                 u_int8_t mode, size_t range)
+                 uint8_t mode, size_t range)
 {
 	struct {
 		struct nlmsghdr nlh;
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index 0c64ac8..c1d78e2 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -220,8 +220,8 @@ unconditional(const struct ipt_ip *ip)
 {
 	unsigned int i;
 
-	for (i = 0; i < sizeof(*ip)/sizeof(u_int32_t); i++)
-		if (((u_int32_t *)ip)[i])
+	for (i = 0; i < sizeof(*ip)/sizeof(uint32_t); i++)
+		if (((uint32_t *)ip)[i])
 			return 0;
 
 	return 1;
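Review bot: in unconditional(), the cast `(uint32_t *)ip` drops the const qualifier from the `const struct ipt_ip *ip` parameter. Since these two lines are being touched anyway, `(const uint32_t *)ip` would keep the read-only intent and avoid a cast-qual warning; the loop only reads the words.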
diff --git a/xtables.c b/xtables.c
index 2137c98..566b5c3 100644
--- a/xtables.c
+++ b/xtables.c
@@ -438,7 +438,7 @@ int xtables_service_to_port(const char *name, const char *proto)
 	return -1;
 }
 
-u_int16_t xtables_parse_port(const char *port, const char *proto)
+uint16_t xtables_parse_port(const char *port, const char *proto)
 {
 	unsigned int portnum;
 
@@ -669,7 +669,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
 	return ptr;
 }
 
-static int compatible_revision(const char *name, u_int8_t revision, int opt)
+static int compatible_revision(const char *name, uint8_t revision, int opt)
 {
 	struct xt_get_revision rev;
 	socklen_t s = sizeof(rev);
@@ -717,12 +717,12 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
 }
 
 
-static int compatible_match_revision(const char *name, u_int8_t revision)
+static int compatible_match_revision(const char *name, uint8_t revision)
 {
 	return compatible_revision(name, revision, afinfo->so_rev_match);
 }
 
-static int compatible_target_revision(const char *name, u_int8_t revision)
+static int compatible_target_revision(const char *name, uint8_t revision)
 {
 	return compatible_revision(name, revision, afinfo->so_rev_target);
 }
@@ -1688,7 +1688,7 @@ const struct xtables_pprot xtables_chain_protos[] = {
 	{NULL},
 };
 
-u_int16_t
+uint16_t
 xtables_parse_protocol(const char *s)
 {
 	unsigned int proto;
-- 
1.7.1



* [PATCH 05/13] iptables: abort on empty interface specification
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (3 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 04/13] src: use C99/POSIX types Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 06/13] xtables: reorder num_old substraction for clarity Jan Engelhardt
                   ` (8 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

Fiedler Roman brings to attention that if, in a faulty script,
"$some_variable" expands to an empty string, iptables should probably
catch this most likely undesired invocation. If no/all interfaces were
really desired, one can either omit -i completely, or use -i +.

References: http://marc.info/?l=netfilter&m=129439862903487&w=2
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 ip6tables.c |    8 ++++++++
 iptables.c  |    8 ++++++++
 2 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/ip6tables.c b/ip6tables.c
index 84908eb..b8449f6 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1573,6 +1573,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
 
 		case 'i':
+			if (*optarg == '\0')
+				xtables_error(PARAMETER_PROBLEM,
+					"Empty interface is likely to be "
+					"undesired");
 			xtables_check_inverse(optarg, &invert, &optind, argc, argv);
 			set_option(&options, OPT_VIANAMEIN, &fw.ipv6.invflags,
 				   invert);
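Review bot: the empty-string test on `*optarg` in case 'i' runs before xtables_check_inverse(), which is handed &optind, argc and argv. If that call can move on to the following argument when it sees a "!", an empty name given after the negation would not reach this test. Checking the final interface string, just before it is parsed, would cover both spellings.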
@@ -1582,6 +1586,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 			break;
 
 		case 'o':
+			if (*optarg == '\0')
+				xtables_error(PARAMETER_PROBLEM,
+					"Empty interface is likely to be "
+					"undesired");
 			xtables_check_inverse(optarg, &invert, &optind, argc, argv);
 			set_option(&options, OPT_VIANAMEOUT, &fw.ipv6.invflags,
 				   invert);
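Review bot: the message in case 'o' is word-for-word the one in case 'i', so the error does not tell a script author which of -i or -o received the empty string. Naming the option in the text would make the faulty-script case this patch targets quicker to track down.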
diff --git a/iptables.c b/iptables.c
index 6549c1d..e0efbf1 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1590,6 +1590,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
 
 		case 'i':
+			if (*optarg == '\0')
+				xtables_error(PARAMETER_PROBLEM,
+					"Empty interface is likely to be "
+					"undesired");
 			xtables_check_inverse(optarg, &invert, &optind, argc, argv);
 			set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags,
 				   invert);
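Review bot: this is the third of four identical copies of the `if (*optarg == '\0') xtables_error(...)` block (two in ip6tables.c, two in iptables.c). A small shared helper that takes optarg would keep the wording and any later change to the check in one place.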
@@ -1599,6 +1603,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 			break;
 
 		case 'o':
+			if (*optarg == '\0')
+				xtables_error(PARAMETER_PROBLEM,
+					"Empty interface is likely to be "
+					"undesired");
 			xtables_check_inverse(optarg, &invert, &optind, argc, argv);
 			set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags,
 				   invert);
-- 
1.7.1



* [PATCH 06/13] xtables: reorder num_old substraction for clarity
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (4 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 05/13] iptables: abort on empty interface specification Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 07/13] ip[6]tables: only call match's parse function when option char is in range Jan Engelhardt
                   ` (7 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

When going over this again, I noticed we happen to malloc too much.
That is no problem, but I felt moving the num_old adjustment upwards
makes things more clear, and also addresses the allocation.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 xtables.c |   11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/xtables.c b/xtables.c
index 566b5c3..b630901 100644
--- a/xtables.c
+++ b/xtables.c
@@ -95,6 +95,13 @@ struct option *xtables_merge_options(struct option *orig_opts,
 		for (num_old = 0; oldopts[num_old].name; num_old++) ;
 	for (num_new = 0; newopts[num_new].name; num_new++) ;
 
+	/*
+	 * Since @oldopts also has @orig_opts already (and does so at the
+	 * start), skip these entries.
+	 */
+	oldopts += num_oold;
+	num_old -= num_oold;
+
 	merge = malloc(sizeof(*mp) * (num_oold + num_old + num_new + 1));
 	if (merge == NULL)
 		return NULL;
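Review bot: with `num_old -= num_oold` now placed ahead of the malloc(), the allocation size depends on num_old being at least num_oold. The num_old counting loop at the top of the hunk is indented one level deeper than the num_new loop, so it appears to run only under a condition; if it does not run, or if oldopts holds fewer entries than orig_opts, the subtraction goes below zero and feeds a wrong size into malloc(). A guard or assertion before the adjustment, with the precondition stated in the new comment, would make this safe to rely on.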
@@ -103,10 +110,6 @@ struct option *xtables_merge_options(struct option *orig_opts,
 	memcpy(merge, orig_opts, sizeof(*mp) * num_oold);
 	mp = merge + num_oold;
 
-	/* Since @opts also has @orig_opts already, skip the entries */
-	oldopts += num_oold;
-	num_old -= num_oold;
-
 	/* Second, the new options */
 	xt_params->option_offset += 256;
 	*option_offset = xt_params->option_offset;
-- 
1.7.1



* [PATCH 07/13] ip[6]tables: only call match's parse function when option char is in range
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (5 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 06/13] xtables: reorder num_old substraction for clarity Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 08/13] ip[6]tables: only call target's " Jan Engelhardt
                   ` (6 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

Normally, extensions use a "default:" case in switch(c) to just return
if they do not handle c. Apparently, libip6t_hl does that too late and
checks for hl-specific parsing state before it has established that c
refers to one of its own options.

Also affected: libipt_ttl, libxt_ipvs, libxt_policy, libxt_statistic.

One way to fix this is to move the flags checks into case '2', '3',
'4'. Doing this replication feels bad, so as an alternative, let's
just free extensions from having to deal with other extensions'
options passing through.

References: http://marc.info/?l=netfilter-devel&m=129444759532377&w=2
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 ip6tables.c |    3 +++
 iptables.c  |    3 +++
 xshared.h   |    4 ++++
 xtables.c   |    4 ++--
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/ip6tables.c b/ip6tables.c
index b8449f6..4ca4bfe 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1714,6 +1714,9 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 					if (matchp->completed ||
 					    matchp->match->parse == NULL)
 						continue;
+					if (c < matchp->match->option_offset ||
+					    c >= matchp->match->option_offset + XT_OPTION_OFFSET_SCALE)
+						continue;
 					if (matchp->match->parse(c - matchp->match->option_offset,
 						     argv, invert,
 						     &matchp->match->mflags,
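Review bot: the new `continue` on the option_offset range test has no comment, and the reason for it (a match must not be handed option characters that belong to another extension) lives only in the commit message. A one-line comment above the test would help, since the same condition is added again in iptables.c.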
diff --git a/iptables.c b/iptables.c
index e0efbf1..bcacd49 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1746,6 +1746,9 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 					if (matchp->completed ||
 					    matchp->match->parse == NULL)
 						continue;
+					if (c < matchp->match->option_offset ||
+					    c >= matchp->match->option_offset + XT_OPTION_OFFSET_SCALE)
+						continue;
 					if (matchp->match->parse(c - matchp->match->option_offset,
 						     argv, invert,
 						     &matchp->match->mflags,
diff --git a/xshared.h b/xshared.h
index c53b618..e5b2a02 100644
--- a/xshared.h
+++ b/xshared.h
@@ -4,6 +4,10 @@
 struct xtables_rule_match;
 struct xtables_target;
 
+enum {
+	XT_OPTION_OFFSET_SCALE = 256,
+};
+
 extern void print_extension_helps(const struct xtables_target *,
 	const struct xtables_rule_match *);
 
diff --git a/xtables.c b/xtables.c
index b630901..5b7526c 100644
--- a/xtables.c
+++ b/xtables.c
@@ -49,7 +49,7 @@
 #	define IP6T_SO_GET_REVISION_TARGET	69
 #endif
 #include <getopt.h>
-
+#include "xshared.h"
 
 #define NPROTO	255
 
@@ -111,7 +111,7 @@ struct option *xtables_merge_options(struct option *orig_opts,
 	mp = merge + num_oold;
 
 	/* Second, the new options */
-	xt_params->option_offset += 256;
+	xt_params->option_offset += XT_OPTION_OFFSET_SCALE;
 	*option_offset = xt_params->option_offset;
 	memcpy(mp, newopts, sizeof(*mp) * num_new);
 
-- 
1.7.1



* [PATCH 08/13] ip[6]tables: only call target's parse function when option char is in range
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (6 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 07/13] ip[6]tables: only call match's parse function when option char is in range Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 09/13] extensions: remove no longer necessary default: cases Jan Engelhardt
                   ` (5 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

Same as previous commit. Doing this actually allows removing code
that is no longer needed.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 ip6tables.c |    2 ++
 iptables.c  |    2 ++
 2 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/ip6tables.c b/ip6tables.c
index 4ca4bfe..d4c2339 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1706,6 +1706,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
 		default:
 			if (target == NULL || target->parse == NULL ||
+			    c < target->option_offset ||
+			    c >= target->option_offset + XT_OPTION_OFFSET_SCALE ||
 			    !target->parse(c - target->option_offset,
 					       argv, invert,
 					       &target->tflags,
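Review bot: the two added range comparisons sit in the middle of an `||` chain that ends in the negated target->parse() call, so a single condition now mixes "no target", "not this target's option" and "parse returned 0". The same comparison was added for matches in the previous patch; a small predicate taking c and option_offset, declared next to XT_OPTION_OFFSET_SCALE, would make this readable and keep the match and target paths in sync.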
diff --git a/iptables.c b/iptables.c
index bcacd49..b45211a 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1738,6 +1738,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 
 		default:
 			if (target == NULL || target->parse == NULL ||
+			    c < target->option_offset ||
+			    c >= target->option_offset + XT_OPTION_OFFSET_SCALE ||
 			    !target->parse(c - target->option_offset,
 					       argv, invert,
 					       &target->tflags,
-- 
1.7.1



* [PATCH 09/13] extensions: remove no longer necessary default: cases
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (7 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 08/13] ip[6]tables: only call target's " Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 10/13] libxt_sctp: fix a typo Jan Engelhardt
                   ` (4 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

Match and target parse functions now only get option characters they
have defined themselves.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_HL.c         |    4 ----
 extensions/libip6t_LOG.c        |    3 ---
 extensions/libip6t_REJECT.c     |    3 ---
 extensions/libip6t_ah.c         |    2 --
 extensions/libip6t_dst.c        |    2 --
 extensions/libip6t_frag.c       |    2 --
 extensions/libip6t_hbh.c        |    2 --
 extensions/libip6t_hl.c         |    2 --
 extensions/libip6t_icmp6.c      |    3 ---
 extensions/libip6t_ipv6header.c |    2 --
 extensions/libip6t_mh.c         |    3 ---
 extensions/libip6t_rt.c         |    2 --
 extensions/libipt_CLUSTERIP.c   |    2 --
 extensions/libipt_DNAT.c        |    4 +---
 extensions/libipt_ECN.c         |    2 --
 extensions/libipt_LOG.c         |    2 --
 extensions/libipt_MASQUERADE.c  |    4 +---
 extensions/libipt_NETMAP.c      |    4 +---
 extensions/libipt_REDIRECT.c    |    4 +---
 extensions/libipt_REJECT.c      |    2 --
 extensions/libipt_SAME.c        |    3 ---
 extensions/libipt_SNAT.c        |    4 +---
 extensions/libipt_TTL.c         |    4 ----
 extensions/libipt_ULOG.c        |    2 --
 extensions/libipt_addrtype.c    |    4 ----
 extensions/libipt_ah.c          |    2 --
 extensions/libipt_ecn.c         |    2 --
 extensions/libipt_icmp.c        |    3 ---
 extensions/libipt_realm.c       |    3 ---
 extensions/libipt_ttl.c         |    3 ---
 extensions/libxt_CHECKSUM.c     |    2 --
 extensions/libxt_CLASSIFY.c     |    3 ---
 extensions/libxt_CONNMARK.c     |    2 --
 extensions/libxt_CONNSECMARK.c  |    3 ---
 extensions/libxt_CT.c           |    2 --
 extensions/libxt_DSCP.c         |    3 ---
 extensions/libxt_IDLETIMER.c    |    3 ---
 extensions/libxt_MARK.c         |    7 -------
 extensions/libxt_NFLOG.c        |    2 --
 extensions/libxt_NFQUEUE.c      |    4 ----
 extensions/libxt_RATEEST.c      |    3 ---
 extensions/libxt_SECMARK.c      |    2 --
 extensions/libxt_SET.c          |    6 ------
 extensions/libxt_TCPMSS.c       |    3 ---
 extensions/libxt_TOS.c          |    3 ---
 extensions/libxt_cluster.c      |    2 --
 extensions/libxt_comment.c      |    3 ---
 extensions/libxt_connbytes.c    |    2 --
 extensions/libxt_connlimit.c    |    2 --
 extensions/libxt_connmark.c     |    3 ---
 extensions/libxt_conntrack.c    |    6 ------
 extensions/libxt_cpu.c          |    3 ---
 extensions/libxt_dccp.c         |    2 --
 extensions/libxt_dscp.c         |    3 ---
 extensions/libxt_esp.c          |    2 --
 extensions/libxt_hashlimit.c    |    2 --
 extensions/libxt_helper.c       |    3 ---
 extensions/libxt_iprange.c      |    3 ---
 extensions/libxt_ipvs.c         |    5 -----
 extensions/libxt_length.c       |    3 ---
 extensions/libxt_limit.c        |    3 ---
 extensions/libxt_mac.c          |    3 ---
 extensions/libxt_mark.c         |    3 ---
 extensions/libxt_multiport.c    |    6 ------
 extensions/libxt_osf.c          |    2 --
 extensions/libxt_physdev.c      |    3 ---
 extensions/libxt_pkttype.c      |    3 ---
 extensions/libxt_policy.c       |    2 --
 extensions/libxt_quota.c        |    3 ---
 extensions/libxt_rateest.c      |    3 ---
 extensions/libxt_recent.c       |    3 ---
 extensions/libxt_sctp.c         |    3 ---
 extensions/libxt_set.c          |    6 ------
 extensions/libxt_state.c        |    3 ---
 extensions/libxt_statistic.c    |    2 --
 extensions/libxt_string.c       |    3 ---
 extensions/libxt_tcp.c          |    3 ---
 extensions/libxt_tcpmss.c       |    2 --
 extensions/libxt_udp.c          |    3 ---
 79 files changed, 5 insertions(+), 230 deletions(-)

diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c
index eeab0c9..7430454 100644
--- a/extensions/libip6t_HL.c
+++ b/extensions/libip6t_HL.c
@@ -71,10 +71,6 @@ static int HL_parse(int c, char **argv, int invert, unsigned int *flags,
 
 			info->mode = IP6T_HL_INC;
 			break;
-
-		default:
-			return 0;
-
 	}
 	
 	info->hop_limit = value;
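Review bot: with the default: case gone from HL_parse(), a c that matches none of the remaining cases now falls out of the switch and reaches `info->hop_limit = value;` instead of returning 0. The caller's range test only establishes that c lies in this extension's 256-wide window, not that it is one of the handled characters, so it is worth confirming that value cannot be stored unset on that path, or keeping an early return for unknown c.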
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index bb85acb..a33d570 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -191,9 +191,6 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags,
 		loginfo->logflags |= IP6T_LOG_MACDECODE;
 		*flags |= IP6T_LOG_OPT_MACDECODE;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c
index 94d2694..9a4334f 100644
--- a/extensions/libip6t_REJECT.c
+++ b/extensions/libip6t_REJECT.c
@@ -94,9 +94,6 @@ static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags,
 				return 1;
 			}
 		xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg);
-	default:
-		/* Fall through */
-		break;
 	}
 	return 0;
 }
diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c
index fc17429..839f14d 100644
--- a/extensions/libip6t_ah.c
+++ b/extensions/libip6t_ah.c
@@ -110,8 +110,6 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
 		ahinfo->hdrres = 1;
 		*flags |= IP6T_AH_RES;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c
index f4036f0..e4cf431 100644
--- a/extensions/libip6t_dst.c
+++ b/extensions/libip6t_dst.c
@@ -156,8 +156,6 @@ static int dst_parse(int c, char **argv, int invert, unsigned int *flags,
 		optinfo->flags |= IP6T_OPTS_NSTRICT;
 		*flags |= IP6T_OPTS_NSTRICT;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index fcaa72b..c342dd8 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -141,8 +141,6 @@ static int frag_parse(int c, char **argv, int invert, unsigned int *flags,
 		fraginfo->flags |= IP6T_FRAG_NMF;
 		*flags |= IP6T_FRAG_NMF;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
index b706f51..f9d59df 100644
--- a/extensions/libip6t_hbh.c
+++ b/extensions/libip6t_hbh.c
@@ -149,8 +149,6 @@ static int hbh_parse(int c, char **argv, int invert, unsigned int *flags,
 		optinfo->flags |= IP6T_OPTS_NSTRICT;
 		*flags |= IP6T_OPTS_NSTRICT;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c
index ce4392e..daefea1 100644
--- a/extensions/libip6t_hl.c
+++ b/extensions/libip6t_hl.c
@@ -71,8 +71,6 @@ static int hl_parse(int c, char **argv, int invert, unsigned int *flags,
 			*flags = 1;
 
 			break;
-		default:
-			return 0;
 	}
 
 	return 1;
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index 2adba82..8c39488 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -166,9 +166,6 @@ static int icmp6_parse(int c, char **argv, int invert, unsigned int *flags,
 			icmpv6info->invflags |= IP6T_ICMP_INV;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index d4d64e0..7d2a97f 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -204,8 +204,6 @@ ipv6header_parse(int c, char **argv, int invert, unsigned int *flags,
 			info->modeflag |= 0xFF;
 			*flags |= IPV6_HDR_SOFT;
 			break;
-		default:
-			return 0;
 	}
 
 	return 1;
diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c
index 16cc9ac..f41c4f4 100644
--- a/extensions/libip6t_mh.c
+++ b/extensions/libip6t_mh.c
@@ -140,9 +140,6 @@ static int mh_parse(int c, char **argv, int invert, unsigned int *flags,
 			mhinfo->invflags |= IP6T_MH_INV_TYPE;
 		*flags |= MH_TYPES;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index ec0290c..4e27f8a 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -223,8 +223,6 @@ static int rt_parse(int c, char **argv, int invert, unsigned int *flags,
 		rtinfo->flags |= IP6T_RT_FST_NSTRICT;
 		*flags |= IP6T_RT_FST_NSTRICT;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c
index d622e63..b89baa8 100644
--- a/extensions/libipt_CLUSTERIP.c
+++ b/extensions/libipt_CLUSTERIP.c
@@ -146,8 +146,6 @@ static int CLUSTERIP_parse(int c, char **argv, int invert, unsigned int *flags,
 		cipinfo->hash_initval = num;
 		*flags |= PARAM_HASHINIT;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index 7afe241..32b94b2 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -184,10 +184,8 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags,
 	case '3':
 		info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
 		return 1;
-
-	default:
-		return 0;
 	}
+	return 0;
 }
 
 static void DNAT_check(unsigned int flags)
diff --git a/extensions/libipt_ECN.c b/extensions/libipt_ECN.c
index 75ea011..cad20a8 100644
--- a/extensions/libipt_ECN.c
+++ b/extensions/libipt_ECN.c
@@ -90,8 +90,6 @@ static int ECN_parse(int c, char **argv, int invert, unsigned int *flags,
 		einfo->ip_ect = result;
 		*flags |= IPT_ECN_OP_SET_IP;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index 097aec8..e6ccb3b 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -191,8 +191,6 @@ static int LOG_parse(int c, char **argv, int invert, unsigned int *flags,
 		loginfo->logflags |= IPT_LOG_MACDECODE;
 		*flags |= IPT_LOG_OPT_MACDECODE;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index b6bbd60..3b059ac 100644
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -102,10 +102,8 @@ static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags,
 	case '2':
 		mr->range[0].flags |=  IP_NAT_RANGE_PROTO_RANDOM;
 		return 1;
-
-	default:
-		return 0;
 	}
+	return 0;
 }
 
 static void
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index 23731af..c7d0307 100644
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -124,10 +124,8 @@ static int NETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
 		parse_to(optarg, &mr->range[0]);
 		*flags = 1;
 		return 1;
-
-	default:
-		return 0;
 	}
+	return 0;
 }
 
 static void NETMAP_check(unsigned int flags)
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 940603a..4760e65 100644
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -113,10 +113,8 @@ static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags,
 		} else
 			*flags |= IPT_REDIRECT_OPT_RANDOM;
 		return 1;
-
-	default:
-		return 0;
 	}
+	return 0;
 }
 
 static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index 8c08dd0..4bd5f4a 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -115,8 +115,6 @@ static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags,
 			fprintf(stderr, "--reject-with echo-reply no longer"
 				" supported\n");
 		xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg);
-	default:
-		/* Fall through */
 		break;
 	}
 	return 0;
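Review bot: this hunk removes `default:` and the `/* Fall through */` comment but leaves the `break;`, which now sits directly after the xtables_error() call of the preceding case. The libip6t_REJECT.c hunk in this same patch drops all three lines; removing the `break;` here too would keep the two files consistent.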
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index 5fb1b5b..9531a3b 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -120,9 +120,6 @@ static int SAME_parse(int c, char **argv, int invert, unsigned int *flags,
 		for (count=0; count < mr->rangesize; count++)
 			mr->range[count].flags |= IP_NAT_RANGE_PROTO_RANDOM;
 		break;
-
-	default:
-		return 0;
 	}
 	
 	return 1;
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 1075c79..2700bcc 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -184,10 +184,8 @@ static int SNAT_parse(int c, char **argv, int invert, unsigned int *flags,
 	case '3':
 		info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT;
 		return 1;
-
-	default:
-		return 0;
 	}
+	return 0;
 }
 
 static void SNAT_check(unsigned int flags)
diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c
index 2e0c233..c8e5524 100644
--- a/extensions/libipt_TTL.c
+++ b/extensions/libipt_TTL.c
@@ -71,10 +71,6 @@ static int TTL_parse(int c, char **argv, int invert, unsigned int *flags,
 
 			info->mode = IPT_TTL_INC;
 			break;
-
-		default:
-			return 0;
-
 	}
 	
 	info->ttl = value;
diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c
index 46928c3..0185f98 100644
--- a/extensions/libipt_ULOG.c
+++ b/extensions/libipt_ULOG.c
@@ -138,8 +138,6 @@ static int ULOG_parse(int c, char **argv, int invert, unsigned int *flags,
 		loginfo->qthreshold = atoi(optarg);
 		*flags |= IPT_LOG_OPT_QTHRESHOLD;
 		break;
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index 8a64211..fa6cc1e 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -122,8 +122,6 @@ addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags,
 			info->invert_dest = 1;
 		*flags |= IPT_ADDRTYPE_OPT_DSTTYPE;
 		break;
-	default:
-		return 0;
 	}
 	
 	return 1;
@@ -171,8 +169,6 @@ addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags,
 		info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_OUT;
 		*flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT;
 		break;
-	default:
-		return 0;
 	}
 	
 	return 1;
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index 3369c66..9359062 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -89,8 +89,6 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
 			ahinfo->invflags |= IPT_AH_INV_SPI;
 		*flags |= AH_SPI;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c
index 3f1fc3b..27e46b3 100644
--- a/extensions/libipt_ecn.c
+++ b/extensions/libipt_ecn.c
@@ -76,8 +76,6 @@ static int ecn_parse(int c, char **argv, int invert, unsigned int *flags,
 				   "ECN match: Value out of range");
 		einfo->ip_ect = result;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index 2204027..a233520 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -191,9 +191,6 @@ static int icmp_parse(int c, char **argv, int invert, unsigned int *flags,
 			icmpinfo->invflags |= IPT_ICMP_INV;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index 1d48546..a5ec6d8 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -180,9 +180,6 @@ static int realm_parse(int c, char **argv, int invert, unsigned int *flags,
 			realminfo->invert = 1;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index 34d0f23..05de9f7 100644
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -68,9 +68,6 @@ static int ttl_parse(int c, char **argv, int invert, unsigned int *flags,
 			info->mode = IPT_TTL_GT;
 			info->ttl = value;
 			break;
-		default:
-			return 0;
-
 	}
 
 	if (*flags) 
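Review bot: in ttl_parse() the `if (*flags)` test after the switch is now reached for every c the function is called with, since the `default: return 0;` that filtered foreign options is removed. That is correct only while every caller of ->parse applies the option_offset range test from the earlier patches in this series; a short comment at the top of the function recording that contract would help anyone calling it from elsewhere.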
diff --git a/extensions/libxt_CHECKSUM.c b/extensions/libxt_CHECKSUM.c
index 101a54c..a4a60b3 100644
--- a/extensions/libxt_CHECKSUM.c
+++ b/extensions/libxt_CHECKSUM.c
@@ -42,8 +42,6 @@ static int CHECKSUM_parse(int c, char **argv, int invert, unsigned int *flags,
 		einfo->operation = XT_CHECKSUM_OP_FILL;
 		*flags |= XT_CHECKSUM_OP_FILL;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_CLASSIFY.c b/extensions/libxt_CLASSIFY.c
index ab5127c..2920ee8 100644
--- a/extensions/libxt_CLASSIFY.c
+++ b/extensions/libxt_CLASSIFY.c
@@ -53,9 +53,6 @@ CLASSIFY_parse(int c, char **argv, int invert, unsigned int *flags,
 			           "CLASSIFY: Can't specify --set-class twice");
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 0d43a0d..4657411 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -147,8 +147,6 @@ CONNMARK_parse(int c, char **argv, int invert, unsigned int *flags,
 		if (*end != '\0' || end == optarg)
 			xtables_error(PARAMETER_PROBLEM, "Bad MASK value \"%s\"", optarg);
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_CONNSECMARK.c b/extensions/libxt_CONNSECMARK.c
index 8df2363..75d0e3b 100644
--- a/extensions/libxt_CONNSECMARK.c
+++ b/extensions/libxt_CONNSECMARK.c
@@ -52,9 +52,6 @@ CONNSECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
 		info->mode = CONNSECMARK_RESTORE;
 		*flags |= CONNSECMARK_RESTORE;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c
index 8952b75..682dd83 100644
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
@@ -127,8 +127,6 @@ static int ct_parse(int c, char **argv, int invert, unsigned int *flags,
 			xtables_error(PARAMETER_PROBLEM, "Bad zone value \"%s\"", optarg);
 		info->zone = zone;
 		break;
-	default:
-		return 0;
 	}
 
 	*flags |= c;
diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c
index a6280bf..468516c 100644
--- a/extensions/libxt_DSCP.c
+++ b/extensions/libxt_DSCP.c
@@ -92,9 +92,6 @@ static int DSCP_parse(int c, char **argv, int invert, unsigned int *flags,
 		parse_class(optarg, dinfo);
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_IDLETIMER.c b/extensions/libxt_IDLETIMER.c
index 1562e02..05db0e9 100644
--- a/extensions/libxt_IDLETIMER.c
+++ b/extensions/libxt_IDLETIMER.c
@@ -78,9 +78,6 @@ static int idletimer_tg_parse(int c, char **argv, int invert,
 		strcpy(info->label, optarg);
 		*flags |= IDLETIMER_TG_OPT_LABEL;
 		break;
-
-	default:
-		return false;
 	}
 
 	return true;
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index e33e0c3..cbb18ba 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -93,8 +93,6 @@ MARK_parse_v0(int c, char **argv, int invert, unsigned int *flags,
 	case '3':
 		xtables_error(PARAMETER_PROBLEM,
 			   "MARK target: kernel too old for --or-mark");
-	default:
-		return 0;
 	}
 
 	return 1;
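Review bot: in MARK_parse_v0(), case '3' now ends at the closing brace of the switch with no `break;` or return after xtables_error(). Before this change control would have fallen into `default: return 0;`; now it would fall to `return 1;`, so the result depends on xtables_error() never returning. An explicit `break;` or a comment saying the call does not return would make that intent visible.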
@@ -126,8 +124,6 @@ MARK_parse_v1(int c, char **argv, int invert, unsigned int *flags,
 	case '3':
 	        markinfo->mode = XT_MARK_OR;
 		break;
-	default:
-		return 0;
 	}
 
 	if (!xtables_strtoui(optarg, NULL, &mark, 0, UINT32_MAX))
@@ -193,9 +189,6 @@ static int mark_tg_parse(int c, char **argv, int invert, unsigned int *flags,
 		info->mark = value;
 		info->mask = 0;
 		break;
-
-	default:
-		return false;
 	}
 
 	*flags |= F_MARK;
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 2cf279a..2da5d64 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -103,8 +103,6 @@ static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags,
 				   "Invalid --nflog-threshold, must be >= 1");
 		info->threshold = n;
 		break;
-	default:
-		return 0;
 	}
 	*flags |= c;
 	return 1;
diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c
index e412153..995134e 100644
--- a/extensions/libxt_NFQUEUE.c
+++ b/extensions/libxt_NFQUEUE.c
@@ -70,8 +70,6 @@ NFQUEUE_parse(int c, char **argv, int invert, unsigned int *flags,
 	case 'B':
 		xtables_error(PARAMETER_PROBLEM, "NFQUEUE target: "
 				   "--queue-balance not supported (kernel too old?)");
-	default:
-		return 0;
 	}
 
 	return 1;
@@ -114,8 +112,6 @@ NFQUEUE_parse_v1(int c, char **argv, int invert, unsigned int *flags,
 							firstqueue, lastqueue);
 		info->queues_total = lastqueue - firstqueue + 1;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_RATEEST.c b/extensions/libxt_RATEEST.c
index d89f818..173fee3 100644
--- a/extensions/libxt_RATEEST.c
+++ b/extensions/libxt_RATEEST.c
@@ -130,9 +130,6 @@ RATEEST_parse(int c, char **argv, int invert, unsigned int *flags,
 				   "RATEEST: bad ewmalog value `%s'", optarg);
 
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_SECMARK.c b/extensions/libxt_SECMARK.c
index 7bf4ff0..b800d4a 100644
--- a/extensions/libxt_SECMARK.c
+++ b/extensions/libxt_SECMARK.c
@@ -49,8 +49,6 @@ static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
 		strcpy(info->secctx, optarg);
 		*flags |= SECMARK_MODE_SEL;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_SET.c b/extensions/libxt_SET.c
index c05811e..2d186c5 100644
--- a/extensions/libxt_SET.c
+++ b/extensions/libxt_SET.c
@@ -102,9 +102,6 @@ set_target_parse_v0(int c, char **argv, int invert, unsigned int *flags,
 		parse_target_v0(argv, invert, flags,
 				&myinfo->del_set, "del-set");
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
@@ -204,9 +201,6 @@ set_target_parse(int c, char **argv, int invert, unsigned int *flags,
 		parse_target(argv, invert, flags,
 			     &myinfo->del_set, "del-set");
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_TCPMSS.c b/extensions/libxt_TCPMSS.c
index b24789a..1468dee 100644
--- a/extensions/libxt_TCPMSS.c
+++ b/extensions/libxt_TCPMSS.c
@@ -71,9 +71,6 @@ static int __TCPMSS_parse(int c, char **argv, int invert, unsigned int *flags,
 		mssinfo->mss = XT_TCPMSS_CLAMP_PMTU;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index 6ad2216..29bc693 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -145,9 +145,6 @@ static int tos_tg_parse(int c, char **argv, int invert, unsigned int *flags,
 		info->tos_value = bits;
 		info->tos_mask  = 0;
 		break;
-
-	default:
-		return false;
 	}
 
 	*flags |= FLAG_TOS;
diff --git a/extensions/libxt_cluster.c b/extensions/libxt_cluster.c
index 1591045..c94741f 100644
--- a/extensions/libxt_cluster.c
+++ b/extensions/libxt_cluster.c
@@ -134,8 +134,6 @@ cluster_parse(int c, char **argv, int invert, unsigned int *flags,
 		info->hash_seed = num;
 		*flags |= 1 << c;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index dba8bb2..bfdccb2 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -55,9 +55,6 @@ comment_parse(int c, char **argv, int invert, unsigned int *flags,
 		parse_comment(optarg, commentinfo);
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c
index 2e20862..7c96c32 100644
--- a/extensions/libxt_connbytes.c
+++ b/extensions/libxt_connbytes.c
@@ -89,8 +89,6 @@ connbytes_parse(int c, char **argv, int invert, unsigned int *flags,
 				   "Unknown --connbytes-mode `%s'", optarg);
 		*flags |= 4;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index 0cbcf01..85c0ca8 100644
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -94,8 +94,6 @@ static int connlimit_parse(int c, char **argv, int invert, unsigned int *flags,
 				info->v4_mask = htonl(0xFFFFFFFF << (32 - i));
 		}
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index a953443..4cc59ac 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -102,9 +102,6 @@ connmark_parse(int c, char **argv, int invert, unsigned int *flags,
 			markinfo->invert = 1;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index dcb1771..f21d1ab 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -461,9 +461,6 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags,
 		}
 		sinfo->flags |= XT_CONNTRACK_EXPIRES;
 		break;
-
-	default:
-		return 0;
 	}
 
 	*flags = sinfo->flags;
@@ -566,9 +563,6 @@ conntrack_mt_parse(int c, bool invert, unsigned int *flags,
 			xtables_param_act(XTF_BAD_VALUE, "conntrack", "--ctdir", optarg);
 		}
 		break;
-
-	default:
-		return false;
 	}
 
 	*flags = info->match_flags;
diff --git a/extensions/libxt_cpu.c b/extensions/libxt_cpu.c
index ee02996..b4ad456 100644
--- a/extensions/libxt_cpu.c
+++ b/extensions/libxt_cpu.c
@@ -49,9 +49,6 @@ cpu_parse(int c, char **argv, int invert, unsigned int *flags,
 			cpuinfo->invert = 1;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 84f1536..7a0e96b 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -183,8 +183,6 @@ dccp_parse(int c, char **argv, int invert, unsigned int *flags,
 			einfo->invflags |= XT_DCCP_OPTION;
 		*flags |= XT_DCCP_OPTION;
 		break;
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c
index 4f81f2f..1d7fadf 100644
--- a/extensions/libxt_dscp.c
+++ b/extensions/libxt_dscp.c
@@ -100,9 +100,6 @@ dscp_parse(int c, char **argv, int invert, unsigned int *flags,
 			dinfo->invert = 1;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c
index b95ae1c..82ca301 100644
--- a/extensions/libxt_esp.c
+++ b/extensions/libxt_esp.c
@@ -95,8 +95,6 @@ esp_parse(int c, char **argv, int invert, unsigned int *flags,
 			espinfo->invflags |= XT_ESP_INV_SPI;
 		*flags |= ESP_SPI;
 		break;
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index b26628a..352e530 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -298,8 +298,6 @@ hashlimit_parse(int c, char **argv, int invert, unsigned int *flags,
 		strncpy(r->name, optarg, sizeof(r->name));
 		*flags |= PARAM_NAME;
 		break;
-	default:
-		return 0;
 	}
 
 	if (invert)
diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
index e9551bc..3c744c9 100644
--- a/extensions/libxt_helper.c
+++ b/extensions/libxt_helper.c
@@ -39,9 +39,6 @@ helper_parse(int c, char **argv, int invert, unsigned int *flags,
 			info->invert = 1;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 6565d42..2ac2fa4 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -128,9 +128,6 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
 		info->dst.min_ip = range[0].ip;
 		info->dst.max_ip = range[1].ip;
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c
index 83de042..3001417 100644
--- a/extensions/libxt_ipvs.c
+++ b/extensions/libxt_ipvs.c
@@ -155,11 +155,6 @@ static int ipvs_mt_parse(int c, char **argv, int invert, unsigned int *flags,
 	case '6': /* --vportctl */
 		data->vportctl = htons(xtables_parse_port(optarg, "tcp"));
 		break;
-
-	default:
-		/* Hu? How did we come here? */
-		assert(false);
-		return 0;
 	}
 
 	if (op & XT_IPVS_ONCE_MASK) {
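Review bot: removing `assert(false)` from the default branch of ipvs_mt_parse() loses the only diagnostic this function had for an unexpected option char, and an unhandled c now continues into the `if (op & XT_IPVS_ONCE_MASK)` block. If the caller-side range check makes the branch unreachable, leave a comment at the switch saying so; otherwise keep the assert and drop only the `return 0`.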
diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
index edcb6b5..86ccba0 100644
--- a/extensions/libxt_length.c
+++ b/extensions/libxt_length.c
@@ -77,9 +77,6 @@ length_parse(int c, char **argv, int invert, unsigned int *flags,
 				info->invert = 1;
 			*flags = 1;
 			break;
-			
-		default:
-			return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
index 350cb24..a62d199 100644
--- a/extensions/libxt_limit.c
+++ b/extensions/libxt_limit.c
@@ -107,9 +107,6 @@ limit_parse(int c, char **argv, int invert, unsigned int *flags,
 				   "bad --limit-burst `%s'", optarg);
 		r->burst = num;
 		break;
-
-	default:
-		return 0;
 	}
 
 	if (invert)
diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c
index eb07467..15a7f3c 100644
--- a/extensions/libxt_mac.c
+++ b/extensions/libxt_mac.c
@@ -64,9 +64,6 @@ mac_parse(int c, char **argv, int invert, unsigned int *flags,
 			macinfo->invert = 1;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index d17a7b2..15b08b9 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -79,9 +79,6 @@ mark_parse(int c, char **argv, int invert, unsigned int *flags,
 			markinfo->invert = 1;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
index 9ed5931..2f52383 100644
--- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c
@@ -187,9 +187,6 @@ __multiport_parse(int c, char **argv, int invert, unsigned int *flags,
 						     multiinfo->ports, proto);
 		multiinfo->flags = XT_MULTIPORT_EITHER;
 		break;
-
-	default:
-		return 0;
 	}
 
 	if (invert)
@@ -251,9 +248,6 @@ __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
 		parse_multi_ports_v1(optarg, multiinfo, proto);
 		multiinfo->flags = XT_MULTIPORT_EITHER;
 		break;
-
-	default:
-		return 0;
 	}
 
 	if (invert)
diff --git a/extensions/libxt_osf.c b/extensions/libxt_osf.c
index 66c23b4..38c4705 100644
--- a/extensions/libxt_osf.c
+++ b/extensions/libxt_osf.c
@@ -107,8 +107,6 @@ static int osf_parse(int c, char **argv, int invert, unsigned int *flags,
 				xtables_error(PARAMETER_PROBLEM, "Log level parameter is too big");
 			info->flags |= XT_OSF_LOG;
 			break;
-		default:
-			return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c
index d92df9e..abd182c 100644
--- a/extensions/libxt_physdev.c
+++ b/extensions/libxt_physdev.c
@@ -94,9 +94,6 @@ physdev_parse(int c, char **argv, int invert, unsigned int *flags,
 		*flags |= XT_PHYSDEV_OP_BRIDGED;
 		info->bitmask |= XT_PHYSDEV_OP_BRIDGED;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c
index d402591..8aefd92 100644
--- a/extensions/libxt_pkttype.c
+++ b/extensions/libxt_pkttype.c
@@ -94,9 +94,6 @@ static int pkttype_parse(int c, char **argv, int invert, unsigned int *flags,
 				info->invert=1;
 			*flags=1;
 			break;
-
-		default: 
-			return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_policy.c b/extensions/libxt_policy.c
index 3fea146..565f8a3 100644
--- a/extensions/libxt_policy.c
+++ b/extensions/libxt_policy.c
@@ -261,8 +261,6 @@ static int policy_parse(int c, char **argv, int invert, unsigned int *flags,
 			xtables_error(PARAMETER_PROBLEM,
 			           "policy match: maximum policy depth reached");
 		break;
-	default:
-		return 0;
 	}
 
 	policy_info = info;
diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c
index 9a88cba..64100cd 100644
--- a/extensions/libxt_quota.c
+++ b/extensions/libxt_quota.c
@@ -71,9 +71,6 @@ quota_parse(int c, char **argv, int invert, unsigned int *flags,
 			info->flags |= XT_QUOTA_INVERT;
 
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c
index 3809fe7..7b6ba00 100644
--- a/extensions/libxt_rateest.c
+++ b/extensions/libxt_rateest.c
@@ -297,9 +297,6 @@ rateest_parse(int c, char **argv, int invert, unsigned int *flags,
 		if (invert)
 			info->flags |= XT_RATEEST_MATCH_INVERT;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c
index 41faeb6..85f3613 100644
--- a/extensions/libxt_recent.c
+++ b/extensions/libxt_recent.c
@@ -138,9 +138,6 @@ static int recent_parse(int c, char **argv, int invert, unsigned int *flags,
 		case 210:
 			info->side = XT_RECENT_DEST;
 			break;
-
-		default:
-			return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index fe010aa..ad26076 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -296,9 +296,6 @@ sctp_parse(int c, char **argv, int invert, unsigned int *flags,
 		optind++;
 		*flags |= XT_SCTP_CHUNK_TYPES;
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_set.c b/extensions/libxt_set.c
index 594e2d4..6364011 100644
--- a/extensions/libxt_set.c
+++ b/extensions/libxt_set.c
@@ -85,9 +85,6 @@ set_parse_v0(int c, char **argv, int invert, unsigned int *flags,
 		
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
@@ -170,9 +167,6 @@ set_parse(int c, char **argv, int invert, unsigned int *flags,
 		
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c
index 4064333..a236a3f 100644
--- a/extensions/libxt_state.c
+++ b/extensions/libxt_state.c
@@ -79,9 +79,6 @@ state_parse(int c, char **argv, int invert, unsigned int *flags,
 			sinfo->statemask = ~sinfo->statemask;
 		*flags = 1;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c
index 94f2913..f6fbd3b 100644
--- a/extensions/libxt_statistic.c
+++ b/extensions/libxt_statistic.c
@@ -90,8 +90,6 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags,
 		info->u.nth.packet = val;
 		*flags |= 0x8;
 		break;
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index a6c5881..c78f9cd 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -238,9 +238,6 @@ string_parse(int c, char **argv, int invert, unsigned int *flags,
 		stringinfo->u.v1.flags |= XT_STRING_FLAG_IGNORECASE;
 		*flags |= ICASE;
 		break;
-
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index df5077f..8bcb0dd 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -203,9 +203,6 @@ tcp_parse(int c, char **argv, int invert, unsigned int *flags,
 			tcpinfo->invflags |= XT_TCP_INV_OPTION;
 		*flags |= TCP_OPTION;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index 8dfbb14..35d6d18 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -73,8 +73,6 @@ tcpmss_parse(int c, char **argv, int invert, unsigned int *flags,
 			mssinfo->invert = 1;
 		*flags = 1;
 		break;
-	default:
-		return 0;
 	}
 	return 1;
 }
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index 70e939d..2550d71 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -90,9 +90,6 @@ udp_parse(int c, char **argv, int invert, unsigned int *flags,
 			udpinfo->invflags |= XT_UDP_INV_DSTPT;
 		*flags |= UDP_DST_PORTS;
 		break;
-
-	default:
-		return 0;
 	}
 
 	return 1;
-- 
1.7.1



* [PATCH 10/13] libxt_sctp: fix a typo
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (8 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 09/13] extensions: remove no longer necessary default: cases Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 11/13] libipt_CLUSTERIP: const annotations Jan Engelhardt
                   ` (3 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_sctp.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index ad26076..016a9f9 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -394,7 +394,7 @@ print_chunks(const struct xt_sctp_info *einfo, int numeric)
 		case SCTP_CHUNK_MATCH_ANY:	printf("any "); break;
 		case SCTP_CHUNK_MATCH_ALL:	printf("all "); break;
 		case SCTP_CHUNK_MATCH_ONLY:	printf("only "); break;
-		default:	printf("Never reach herer\n"); break;
+		default:	printf("Never reach here\n"); break;
 	}
 
 	if (SCTP_CHUNKMAP_IS_CLEAR(einfo->chunkmap)) {
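Review bot: the default branch in print_chunks() writes its diagnostic with printf(), newline included, into the same stdout stream as the rule listing. If the branch really is unreachable, an assertion or a message on stderr keeps an unexpected value from ending up inside the printed rule. The spelling fix itself is fine.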
-- 
1.7.1



* [PATCH 11/13] libipt_CLUSTERIP: const annotations
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (9 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 10/13] libxt_sctp: fix a typo Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 12/13] libxtables: do some option structure checking Jan Engelhardt
                   ` (2 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libipt_CLUSTERIP.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c
index b89baa8..9f4c992 100644
--- a/extensions/libipt_CLUSTERIP.c
+++ b/extensions/libipt_CLUSTERIP.c
@@ -163,9 +163,9 @@ static void CLUSTERIP_check(unsigned int flags)
 	xtables_error(PARAMETER_PROBLEM, "CLUSTERIP target: Invalid parameter combination\n");
 }
 
-static char *hashmode2str(enum clusterip_hashmode mode)
+static const char *hashmode2str(enum clusterip_hashmode mode)
 {
-	char *retstr;
+	const char *retstr;
 	switch (mode) {
 		case CLUSTERIP_HASHMODE_SIP:
 			retstr = "sourceip";
@@ -183,7 +183,7 @@ static char *hashmode2str(enum clusterip_hashmode mode)
 	return retstr;
 }
 
-static char *mac2str(const uint8_t mac[ETH_ALEN])
+static const char *mac2str(const uint8_t mac[ETH_ALEN])
 {
 	static char buf[ETH_ALEN*3];
 	sprintf(buf, "%02X:%02X:%02X:%02X:%02X:%02X",
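Review bot: mac2str() returns a pointer into `static char buf[ETH_ALEN*3]`, so every call overwrites the previous result and two calls in one printf() argument list would print the same address. The new const return type fits that, but a one-line comment on the function should say the result is only valid until the next call. The sprintf() into that buffer is also unbounded; snprintf(buf, sizeof(buf), ...) would make the size assumption explicit.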
-- 
1.7.1



* [PATCH 12/13] libxtables: do some option structure checking
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (10 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 11/13] libipt_CLUSTERIP: const annotations Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-08 15:20 ` [PATCH 13/13] libipt_REDIRECT: avoid dereference of uninitialized pointer Jan Engelhardt
  2011-01-09 19:16 ` iptables: accumulated bugfixes and annotations Pablo Neira Ayuso
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

libxt_recent's use of numeric values >200 always looked worrisome. Now
here is a validation routine for such.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 xtables.c |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/xtables.c b/xtables.c
index 5b7526c..f8014a6 100644
--- a/xtables.c
+++ b/xtables.c
@@ -730,6 +730,17 @@ static int compatible_target_revision(const char *name, uint8_t revision)
 	return compatible_revision(name, revision, afinfo->so_rev_target);
 }
 
+static void xtables_check_options(const char *name, const struct option *opt)
+{
+	for (; opt->name != NULL; ++opt)
+		if (opt->val < 0 || opt->val >= XT_OPTION_OFFSET_SCALE) {
+			fprintf(stderr, "%s: Extension %s uses invalid "
+			        "option value %d\n",xt_params->program_name,
+			        name, opt->val);
+			exit(1);
+		}
+}
+
 void xtables_register_match(struct xtables_match *me)
 {
 	struct xtables_match **i, *old;
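Review bot: xtables_check_options() uses XT_OPTION_OFFSET_SCALE as the upper bound for opt->val without a comment saying why that is the limit; one line above the function would help extension authors who hit the error understand what to change. Style: the multi-line `if` under the `for` wants braces around the loop body, and there is a missing space after the comma in `"option value %d\n",xt_params->program_name`.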
@@ -760,6 +771,9 @@ void xtables_register_match(struct xtables_match *me)
 		exit(1);
 	}
 
+	if (me->extra_opts != NULL)
+		xtables_check_options(me->name, me->extra_opts);
+
 	/* ignore not interested match */
 	if (me->family != afinfo->family && me->family != AF_UNSPEC)
 		return;
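Review bot: the new call in xtables_register_match() sits above the "ignore not interested match" family filter, so an out-of-range option value in an extension for another family also ends the program with exit(1). If that is intended (catch a bad extension at registration regardless of family), say so in the commit message; otherwise move the check below the filter. The same applies to the identical hunk in xtables_register_target().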
@@ -845,6 +859,9 @@ void xtables_register_target(struct xtables_target *me)
 		exit(1);
 	}
 
+	if (me->extra_opts != NULL)
+		xtables_check_options(me->name, me->extra_opts);
+
 	/* ignore not interested target */
 	if (me->family != afinfo->family && me->family != AF_UNSPEC)
 		return;
-- 
1.7.1



* [PATCH 13/13] libipt_REDIRECT: avoid dereference of uninitialized pointer
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (11 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 12/13] libxtables: do some option structure checking Jan Engelhardt
@ 2011-01-08 15:20 ` Jan Engelhardt
  2011-01-09 19:16 ` iptables: accumulated bugfixes and annotations Pablo Neira Ayuso
  13 siblings, 0 replies; 15+ messages in thread
From: Jan Engelhardt @ 2011-01-08 15:20 UTC (permalink / raw)
  To: pablo; +Cc: kaber, netfilter-devel

From: Stephen Beahm <stephenbeahm@comcast.net>

When using --to-ports with a port name instead of a numerical
specification, a segfault occurs.

References: http://bugzilla.netfilter.org/show_bug.cgi?id=691
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libipt_REDIRECT.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 4760e65..74b3aa1 100644
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -41,7 +41,7 @@ static void REDIRECT_init(struct xt_entry_target *t)
 static void
 parse_ports(const char *arg, struct nf_nat_multi_range *mr)
 {
-	char *end;
+	char *end = "";
 	unsigned int port, maxport;
 
 	mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
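Review bot: `char *end = "";` points a non-const pointer at a string literal and papers over the problem instead of fixing it, since the hunk does not show which path in parse_ports() reads `end` without having set it. Setting `end` explicitly on the port-name path would make the fix visible where the bug is; failing that, add a comment here saying why the empty string is the right default, and use `const char *end` if the later uses allow it.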
-- 
1.7.1



* Re: iptables: accumulated bugfixes and annotations
  2011-01-08 15:20 iptables: accumulated bugfixes and annotations Jan Engelhardt
                   ` (12 preceding siblings ...)
  2011-01-08 15:20 ` [PATCH 13/13] libipt_REDIRECT: avoid dereference of uninitialized pointer Jan Engelhardt
@ 2011-01-09 19:16 ` Pablo Neira Ayuso
  13 siblings, 0 replies; 15+ messages in thread
From: Pablo Neira Ayuso @ 2011-01-09 19:16 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: kaber, netfilter-devel

On 08/01/11 16:20, Jan Engelhardt wrote:
> Hey Pablo,
> 
> could you please pull this while Patrick is away, so that users get a
> chance to benefit of these accumulated bugfixes.

Pulled and pushed out, thanks Jan.

