guided option parser, run 2

guided option parser, run 2

[Jan Engelhardt]

The following changes since commit b18ffe3636b07cd817628de81643136e4755a944:

  libxt_cluster: use guided option parser (2011-04-06 13:12:52 +0200)

are available in the git repository at:
  git://dev.medozas.de/iptables opts

Jan Engelhardt (28):
      libxtables: XTTYPE_UINT8 support
      libip[6]t_HL: use guided option parser
      libip[6]t_hl: use guided option parser
      libxtables: XTTYPE_UINT32RC support
      libip[6]t_ah: use guided option parser
      libip6t_frag: use guided option parser
      libxt_esp: use guided option parser
      libxtables: XTTYPE_STRING support
      libip[6]t_REJECT: use guided option parser
      libip6t_dst: use guided option parser
      libip6t_hbh: use guided option parser
      libip[6]t_icmp: use guided option parser
      libip6t_ipv6header: use guided option parser
      libipt_ECN: use guided option parser
      libipt_addrtype: use guided option parser
      libxt_AUDIT: use guided option parser
      libxt_CLASSIFY: use guided option parser
      libxt_DSCP: use guided option parser
      libxt_LED: use guided option parser
      libxt_SECMARK: use guided option parser
      libxt_TCPOPTSTRIP: use guided option parser
      libxt_comment: use guided option parser
      libxt_helper: use guided option parser
      libxt_physdev: use guided option parser
      libxt_pkttype: use guided option parser
      libxt_state: use guided option parser
      libxt_time: use guided option parser
      libxt_u32: use guided option parser

 extensions/libip6t_HL.c         |  111 ++++++++++-----------------
 extensions/libip6t_REJECT.c     |   48 ++++++------
 extensions/libip6t_ah.c         |  112 +++++++---------------------
 extensions/libip6t_dst.c        |   61 +++++----------
 extensions/libip6t_frag.c       |  145 +++++++++--------------------------
 extensions/libip6t_hbh.c        |   61 ++++++----------
 extensions/libip6t_hl.c         |  106 ++++++++++----------------
 extensions/libip6t_icmp6.c      |   53 ++++---------
 extensions/libip6t_ipv6header.c |   88 +++++++---------------
 extensions/libipt_ECN.c         |   95 +++++++++--------------
 extensions/libipt_REJECT.c      |   58 ++++++--------
 extensions/libipt_TTL.c         |  110 ++++++++++-----------------
 extensions/libipt_addrtype.c    |  160 ++++++++++++++-------------------------
 extensions/libipt_ah.c          |   89 ++++------------------
 extensions/libipt_ecn.c         |   82 ++++++++------------
 extensions/libipt_icmp.c        |   47 +++++-------
 extensions/libipt_ttl.c         |  109 ++++++++++-----------------
 extensions/libxt_AUDIT.c        |   66 ++++++-----------
 extensions/libxt_CLASSIFY.c     |   55 ++++----------
 extensions/libxt_DSCP.c         |   87 ++++++---------------
 extensions/libxt_LED.c          |   84 ++++++++------------
 extensions/libxt_SECMARK.c      |   54 ++++----------
 extensions/libxt_TCPOPTSTRIP.c  |   46 +++--------
 extensions/libxt_comment.c      |   61 +++------------
 extensions/libxt_dscp.c         |   94 +++++++----------------
 extensions/libxt_esp.c          |   95 ++++-------------------
 extensions/libxt_helper.c       |   54 ++++---------
 extensions/libxt_physdev.c      |  113 ++++++++++-----------------
 extensions/libxt_pkttype.c      |   52 ++++---------
 extensions/libxt_state.c        |   50 ++++--------
 extensions/libxt_time.c         |  153 +++++++++++++------------------------
 extensions/libxt_u32.c          |   39 ++++------
 include/xtables.h.in            |   10 ++-
 xtoptions.c                     |   90 +++++++++++++++++++++-
 34 files changed, 955 insertions(+), 1783 deletions(-)

[PATCH 01/28] libxtables: XTTYPE_UINT8 support

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/xtables.h.in |    2 ++
 xtoptions.c          |   10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/include/xtables.h.in b/include/xtables.h.in
index 14d7b04..dc074bc 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -51,6 +51,7 @@ struct in_addr;
  */
 enum xt_option_type {
 	XTTYPE_NONE,
+	XTTYPE_UINT8,
 	XTTYPE_UINT32,
 };
 
@@ -104,6 +105,7 @@ struct xt_option_call {
 	unsigned int xflags;
 	bool invert;
 	union {
+		uint8_t u8;
 		uint32_t u32;
 	} val;
 };
diff --git a/xtoptions.c b/xtoptions.c
index 6a119ec..693c06d 100644
--- a/xtoptions.c
+++ b/xtoptions.c
@@ -89,6 +89,8 @@ static void xtopt_parse_int(struct xt_option_call *cb)
 	unsigned int lmin = 0, lmax = UINT32_MAX;
 	unsigned int value;
 
+	if (entry->type == XTTYPE_UINT8)
+		lmax = UINT8_MAX;
 	if (cb->entry->min != 0)
 		lmin = cb->entry->min;
 	if (cb->entry->max != 0)
@@ -100,7 +102,11 @@ static void xtopt_parse_int(struct xt_option_call *cb)
 			"or out of range (%u-%u).\n",
 			cb->ext_name, entry->name, lmin, lmax);
 
-	if (entry->type == XTTYPE_UINT32) {
+	if (entry->type == XTTYPE_UINT8) {
+		cb->val.u8 = value;
+		if (entry->flags & XTOPT_PUT)
+			*(uint8_t *)XTOPT_MKPTR(cb) = cb->val.u8;
+	} else if (entry->type == XTTYPE_UINT32) {
 		cb->val.u32 = value;
 		if (entry->flags & XTOPT_PUT)
 			*(uint32_t *)XTOPT_MKPTR(cb) = cb->val.u32;
@@ -108,10 +114,12 @@ static void xtopt_parse_int(struct xt_option_call *cb)
 }
 
 static void (*const xtopt_subparse[])(struct xt_option_call *) = {
+	[XTTYPE_UINT8]       = xtopt_parse_int,
 	[XTTYPE_UINT32]      = xtopt_parse_int,
 };
 
 static const size_t xtopt_psize[] = {
+	[XTTYPE_UINT8]       = sizeof(uint8_t),
 	[XTTYPE_UINT32]      = sizeof(uint32_t),
 };
 
-- 
1.7.1

[PATCH 02/28] libip[6]t_HL: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_HL.c |  111 ++++++++++++++++++-----------------------------
 extensions/libipt_TTL.c |  110 ++++++++++++++++++-----------------------------
 2 files changed, 84 insertions(+), 137 deletions(-)

diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c
index 900564c..254b191 100644
--- a/extensions/libip6t_HL.c
+++ b/extensions/libip6t_HL.c
@@ -4,17 +4,33 @@
  * Based on HW's ttl target
  * This program is distributed under the terms of GNU GPL
  */
-
-#include <getopt.h>
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
 #include <xtables.h>
-
 #include <linux/netfilter_ipv6/ip6t_HL.h>
 
-#define IP6T_HL_USED	1
+enum {
+	O_HL_SET = 0,
+	O_HL_INC,
+	O_HL_DEC,
+	F_HL_SET = 1 << O_HL_SET,
+	F_HL_INC = 1 << O_HL_INC,
+	F_HL_DEC = 1 << O_HL_DEC,
+	F_ANY    = F_HL_SET | F_HL_INC | F_HL_DEC,
+};
+
+#define s struct ip6t_HL_info
+static const struct xt_option_entry HL_opts[] = {
+	{.name = "ttl-set", .type = XTTYPE_UINT8, .id = O_HL_SET,
+	 .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+	{.name = "ttl-dec", .type = XTTYPE_UINT8, .id = O_HL_DEC,
+	 .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit),
+	 .min = 1},
+	{.name = "ttl-inc", .type = XTTYPE_UINT8, .id = O_HL_INC,
+	 .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit),
+	 .min = 1},
+	XTOPT_TABLEEND,
+};
+#undef s
 
 static void HL_help(void)
 {
@@ -25,63 +41,27 @@ static void HL_help(void)
 "  --hl-inc value		Increment HL by <value 1-255>\n");
 }
 
-static int HL_parse(int c, char **argv, int invert, unsigned int *flags,
-                    const void *entry, struct xt_entry_target **target)
+static void HL_parse(struct xt_option_call *cb)
 {
-	struct ip6t_HL_info *info = (struct ip6t_HL_info *) (*target)->data;
-	unsigned int value;
-
-	if (*flags & IP6T_HL_USED) {
-		xtables_error(PARAMETER_PROBLEM,
-				"Can't specify HL option twice");
+	struct ip6t_HL_info *info = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_HL_SET:
+		info->mode = IP6T_HL_SET;
+		break;
+	case O_HL_INC:
+		info->mode = IP6T_HL_INC;
+		break;
+	case O_HL_DEC:
+		info->mode = IP6T_HL_DEC;
+		break;
 	}
-
-	if (!optarg) 
-		xtables_error(PARAMETER_PROBLEM,
-				"HL: You must specify a value");
-
-	if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
-		xtables_error(PARAMETER_PROBLEM,
-				"HL: unexpected `!'");
-	
-	if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
-		xtables_error(PARAMETER_PROBLEM,
-		           "HL: Expected value between 0 and 255");
-
-	switch (c) {
-
-		case '1':
-			info->mode = IP6T_HL_SET;
-			break;
-
-		case '2':
-			if (value == 0) {
-				xtables_error(PARAMETER_PROBLEM,
-					"HL: decreasing by 0?");
-			}
-
-			info->mode = IP6T_HL_DEC;
-			break;
-
-		case '3':
-			if (value == 0) {
-				xtables_error(PARAMETER_PROBLEM,
-					"HL: increasing by 0?");
-			}
-
-			info->mode = IP6T_HL_INC;
-			break;
-	}
-	
-	info->hop_limit = value;
-	*flags |= IP6T_HL_USED;
-
-	return 1;
 }
 
-static void HL_check(unsigned int flags)
+static void HL_check(struct xt_fcheck_call *cb)
 {
-	if (!(flags & IP6T_HL_USED))
+	if (!(cb->xflags & F_ANY))
 		xtables_error(PARAMETER_PROBLEM,
 				"HL: You must specify an action");
 }
@@ -127,13 +107,6 @@ static void HL_print(const void *ip, const struct xt_entry_target *target,
 	printf(" %u", info->hop_limit);
 }
 
-static const struct option HL_opts[] = {
-	{.name = "hl-set", .has_arg = true, .val = '1'},
-	{.name = "hl-dec", .has_arg = true, .val = '2'},
-	{.name = "hl-inc", .has_arg = true, .val = '3'},
-	XT_GETOPT_TABLEEND,
-};
-
 static struct xtables_target hl_tg6_reg = {
 	.name 		= "HL",
 	.version	= XTABLES_VERSION,
@@ -141,11 +114,11 @@ static struct xtables_target hl_tg6_reg = {
 	.size		= XT_ALIGN(sizeof(struct ip6t_HL_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct ip6t_HL_info)),
 	.help		= HL_help,
-	.parse		= HL_parse,
-	.final_check	= HL_check,
 	.print		= HL_print,
 	.save		= HL_save,
-	.extra_opts	= HL_opts,
+	.x6_parse	= HL_parse,
+	.x6_fcheck	= HL_check,
+	.x6_options	= HL_opts,
 };
 
 void _init(void)
diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c
index c2518f8..0f81280 100644
--- a/extensions/libipt_TTL.c
+++ b/extensions/libipt_TTL.c
@@ -3,16 +3,33 @@
  *
  * This program is distributed under the terms of GNU GPL
  */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
-
 #include <linux/netfilter_ipv4/ipt_TTL.h>
 
-#define IPT_TTL_USED	1
+enum {
+	O_TTL_SET = 0,
+	O_TTL_INC,
+	O_TTL_DEC,
+	F_TTL_SET = 1 << O_TTL_SET,
+	F_TTL_INC = 1 << O_TTL_INC,
+	F_TTL_DEC = 1 << O_TTL_DEC,
+	F_ANY     = F_TTL_SET | F_TTL_INC | F_TTL_DEC,
+};
+
+#define s struct ipt_TTL_info
+static const struct xt_option_entry TTL_opts[] = {
+	{.name = "ttl-set", .type = XTTYPE_UINT8, .id = O_TTL_SET,
+	 .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+	{.name = "ttl-dec", .type = XTTYPE_UINT8, .id = O_TTL_DEC,
+	 .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl),
+	 .min = 1},
+	{.name = "ttl-inc", .type = XTTYPE_UINT8, .id = O_TTL_INC,
+	 .excl = F_ANY, .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl),
+	 .min = 1},
+	XTOPT_TABLEEND,
+};
+#undef s
 
 static void TTL_help(void)
 {
@@ -23,63 +40,27 @@ static void TTL_help(void)
 "  --ttl-inc value		Increment TTL by <value 1-255>\n");
 }
 
-static int TTL_parse(int c, char **argv, int invert, unsigned int *flags,
-                     const void *entry, struct xt_entry_target **target)
+static void TTL_parse(struct xt_option_call *cb)
 {
-	struct ipt_TTL_info *info = (struct ipt_TTL_info *) (*target)->data;
-	unsigned int value;
-
-	if (*flags & IPT_TTL_USED) {
-		xtables_error(PARAMETER_PROBLEM,
-				"Can't specify TTL option twice");
-	}
-
-	if (!optarg) 
-		xtables_error(PARAMETER_PROBLEM,
-				"TTL: You must specify a value");
-
-	if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
-		xtables_error(PARAMETER_PROBLEM,
-				"TTL: unexpected `!'");
-	
-	if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
-		xtables_error(PARAMETER_PROBLEM,
-		           "TTL: Expected value between 0 and 255");
-
-	switch (c) {
-
-		case '1':
-			info->mode = IPT_TTL_SET;
-			break;
-
-		case '2':
-			if (value == 0) {
-				xtables_error(PARAMETER_PROBLEM,
-					"TTL: decreasing by 0?");
-			}
-
-			info->mode = IPT_TTL_DEC;
-			break;
-
-		case '3':
-			if (value == 0) {
-				xtables_error(PARAMETER_PROBLEM,
-					"TTL: increasing by 0?");
-			}
-
-			info->mode = IPT_TTL_INC;
-			break;
+	struct ipt_TTL_info *info = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_TTL_SET:
+		info->mode = IPT_TTL_SET;
+		break;
+	case O_TTL_DEC:
+		info->mode = IPT_TTL_DEC;
+		break;
+	case O_TTL_INC:
+		info->mode = IPT_TTL_INC;
+		break;
 	}
-	
-	info->ttl = value;
-	*flags |= IPT_TTL_USED;
-
-	return 1;
 }
 
-static void TTL_check(unsigned int flags)
+static void TTL_check(struct xt_fcheck_call *cb)
 {
-	if (!(flags & IPT_TTL_USED))
+	if (!(cb->xflags & F_ANY))
 		xtables_error(PARAMETER_PROBLEM,
 				"TTL: You must specify an action");
 }
@@ -125,13 +106,6 @@ static void TTL_print(const void *ip, const struct xt_entry_target *target,
 	printf(" %u", info->ttl);
 }
 
-static const struct option TTL_opts[] = {
-	{.name = "ttl-set", .has_arg = true, .val = '1'},
-	{.name = "ttl-dec", .has_arg = true, .val = '2'},
-	{.name = "ttl-inc", .has_arg = true, .val = '3'},
-	XT_GETOPT_TABLEEND,
-};
-
 static struct xtables_target ttl_tg_reg = {
 	.name		= "TTL",
 	.version	= XTABLES_VERSION,
@@ -139,11 +113,11 @@ static struct xtables_target ttl_tg_reg = {
 	.size		= XT_ALIGN(sizeof(struct ipt_TTL_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct ipt_TTL_info)),
 	.help		= TTL_help,
-	.parse		= TTL_parse,
-	.final_check	= TTL_check,
 	.print		= TTL_print,
 	.save		= TTL_save,
-	.extra_opts	= TTL_opts,
+	.x6_parse	= TTL_parse,
+	.x6_fcheck	= TTL_check,
+	.x6_options	= TTL_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 03/28] libip[6]t_hl: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_hl.c |  106 ++++++++++++++++++----------------------------
 extensions/libipt_ttl.c |  109 ++++++++++++++++++-----------------------------
 2 files changed, 82 insertions(+), 133 deletions(-)

diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c
index 5da3210..3559db4 100644
--- a/extensions/libip6t_hl.c
+++ b/extensions/libip6t_hl.c
@@ -5,15 +5,20 @@
  * This program is released under the terms of GNU GPL
  * Cleanups by Stephane Ouellette <ouellettes@videotron.ca>
  */
-#include <stdbool.h>
 #include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <getopt.h>
 #include <xtables.h>
-
 #include <linux/netfilter_ipv6/ip6t_hl.h>
 
+enum {
+	O_HL_EQ = 0,
+	O_HL_LT,
+	O_HL_GT,
+	F_HL_EQ = 1 << O_HL_EQ,
+	F_HL_LT = 1 << O_HL_LT,
+	F_HL_GT = 1 << O_HL_GT,
+	F_ANY  = F_HL_EQ | F_HL_LT | F_HL_GT,
+};
+
 static void hl_help(void)
 {
 	printf(
@@ -23,62 +28,27 @@ static void hl_help(void)
 "  --hl-gt value	Match HL > value\n");
 }
 
-static int hl_parse(int c, char **argv, int invert, unsigned int *flags,
-                    const void *entry, struct xt_entry_match **match)
+static void hl_parse(struct xt_option_call *cb)
 {
-	struct ip6t_hl_info *info = (struct ip6t_hl_info *) (*match)->data;
-	uint8_t value;
-
-	xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-	value = atoi(optarg);
-
-	if (*flags) 
-		xtables_error(PARAMETER_PROBLEM,
-				"Can't specify HL option twice");
-
-	if (!optarg)
-		xtables_error(PARAMETER_PROBLEM,
-				"hl: You must specify a value");
-	switch (c) {
-		case '2':
-			if (invert)
-				info->mode = IP6T_HL_NE;
-			else
-				info->mode = IP6T_HL_EQ;
-
-			/* is 0 allowed? */
-			info->hop_limit = value;
-			*flags = 1;
-
-			break;
-		case '3':
-			if (invert) 
-				xtables_error(PARAMETER_PROBLEM,
-						"hl: unexpected `!'");
-
-			info->mode = IP6T_HL_LT;
-			info->hop_limit = value;
-			*flags = 1;
-
-			break;
-		case '4':
-			if (invert)
-				xtables_error(PARAMETER_PROBLEM,
-						"hl: unexpected `!'");
-
-			info->mode = IP6T_HL_GT;
-			info->hop_limit = value;
-			*flags = 1;
-
-			break;
+	struct ip6t_hl_info *info = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_HL_EQ:
+		info->mode = cb->invert ? IP6T_HL_NE : IP6T_HL_EQ;
+		break;
+	case O_HL_LT:
+		info->mode = IP6T_HL_LT;
+		break;
+	case O_HL_GT:
+		info->mode = IP6T_HL_GT;
+		break;
 	}
-
-	return 1;
 }
 
-static void hl_check(unsigned int flags)
+static void hl_check(struct xt_fcheck_call *cb)
 {
-	if (!flags) 
+	if (!(cb->xflags & F_ANY))
 		xtables_error(PARAMETER_PROBLEM,
 			"HL match: You must specify one of "
 			"`--hl-eq', `--hl-lt', `--hl-gt'");
@@ -113,13 +83,19 @@ static void hl_save(const void *ip, const struct xt_entry_match *match)
 	printf(" %s %u", op[info->mode], info->hop_limit);
 }
 
-static const struct option hl_opts[] = {
-	{.name = "hl",    .has_arg = true, .val = '2'},
-	{.name = "hl-eq", .has_arg = true, .val = '2'},
-	{.name = "hl-lt", .has_arg = true, .val = '3'},
-	{.name = "hl-gt", .has_arg = true, .val = '4'},
-	XT_GETOPT_TABLEEND,
+#define s struct ip6t_hl_info
+static const struct xt_option_entry hl_opts[] = {
+	{.name = "hl-lt", .id = O_HL_LT, .excl = F_ANY, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+	{.name = "hl-gt", .id = O_HL_GT, .excl = F_ANY, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+	{.name = "hl-eq", .id = O_HL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+	{.name = "hl", .id = O_HL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_PUT, XTOPT_POINTER(s, hop_limit)},
+	XTOPT_TABLEEND,
 };
+#undef s
 
 static struct xtables_match hl_mt6_reg = {
 	.name          = "hl",
@@ -128,11 +104,11 @@ static struct xtables_match hl_mt6_reg = {
 	.size          = XT_ALIGN(sizeof(struct ip6t_hl_info)),
 	.userspacesize = XT_ALIGN(sizeof(struct ip6t_hl_info)),
 	.help          = hl_help,
-	.parse         = hl_parse,
-	.final_check   = hl_check,
 	.print         = hl_print,
 	.save          = hl_save,
-	.extra_opts    = hl_opts,
+	.x6_parse      = hl_parse,
+	.x6_fcheck     = hl_check,
+	.x6_options    = hl_opts,
 };
 
 
diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index d10eb80..6370cb6 100644
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -2,15 +2,20 @@
  * (C) 2000 by Harald Welte <laforge@gnumonks.org>
  *
  * This program is released under the terms of GNU GPL */
-#include <stdbool.h>
 #include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <getopt.h>
 #include <xtables.h>
-
 #include <linux/netfilter_ipv4/ipt_ttl.h>
 
+enum {
+	O_TTL_EQ = 0,
+	O_TTL_LT,
+	O_TTL_GT,
+	F_TTL_EQ = 1 << O_TTL_EQ,
+	F_TTL_LT = 1 << O_TTL_LT,
+	F_TTL_GT = 1 << O_TTL_GT,
+	F_ANY    = F_TTL_EQ | F_TTL_LT | F_TTL_GT,
+};
+
 static void ttl_help(void)
 {
 	printf(
@@ -20,65 +25,27 @@ static void ttl_help(void)
 "  --ttl-gt value	Match TTL > value\n");
 }
 
-static int ttl_parse(int c, char **argv, int invert, unsigned int *flags,
-                     const void *entry, struct xt_entry_match **match)
+static void ttl_parse(struct xt_option_call *cb)
 {
-	struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
-	unsigned int value;
-
-	xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
-	switch (c) {
-		case '2':
-			if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
-				xtables_error(PARAMETER_PROBLEM,
-				           "ttl: Expected value between 0 and 255");
-
-			if (invert)
-				info->mode = IPT_TTL_NE;
-			else
-				info->mode = IPT_TTL_EQ;
-
-			/* is 0 allowed? */
-			info->ttl = value;
-			break;
-		case '3':
-			if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
-				xtables_error(PARAMETER_PROBLEM,
-				           "ttl: Expected value between 0 and 255");
-
-			if (invert) 
-				xtables_error(PARAMETER_PROBLEM,
-						"ttl: unexpected `!'");
-
-			info->mode = IPT_TTL_LT;
-			info->ttl = value;
-			break;
-		case '4':
-			if (!xtables_strtoui(optarg, NULL, &value, 0, UINT8_MAX))
-				xtables_error(PARAMETER_PROBLEM,
-				           "ttl: Expected value between 0 and 255");
-
-			if (invert)
-				xtables_error(PARAMETER_PROBLEM,
-						"ttl: unexpected `!'");
-
-			info->mode = IPT_TTL_GT;
-			info->ttl = value;
-			break;
+	struct ipt_ttl_info *info = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_TTL_EQ:
+		info->mode = cb->invert ? IPT_TTL_NE : IPT_TTL_EQ;
+		break;
+	case O_TTL_LT:
+		info->mode = IPT_TTL_LT;
+		break;
+	case O_TTL_GT:
+		info->mode = IPT_TTL_GT;
+		break;
 	}
-
-	if (*flags) 
-		xtables_error(PARAMETER_PROBLEM,
-				"Can't specify TTL option twice");
-	*flags = 1;
-
-	return 1;
 }
 
-static void ttl_check(unsigned int flags)
+static void ttl_check(struct xt_fcheck_call *cb)
 {
-	if (!flags) 
+	if (!(cb->xflags & F_ANY))
 		xtables_error(PARAMETER_PROBLEM,
 			"TTL match: You must specify one of "
 			"`--ttl-eq', `--ttl-lt', `--ttl-gt");
@@ -133,13 +100,19 @@ static void ttl_save(const void *ip, const struct xt_entry_match *match)
 	printf(" %u", info->ttl);
 }
 
-static const struct option ttl_opts[] = {
-	{.name = "ttl",    .has_arg = true, .val = '2'},
-	{.name = "ttl-eq", .has_arg = true, .val = '2'},
-	{.name = "ttl-lt", .has_arg = true, .val = '3'},
-	{.name = "ttl-gt", .has_arg = true, .val = '4'},
-	XT_GETOPT_TABLEEND,
+#define s struct ipt_ttl_info
+static const struct xt_option_entry ttl_opts[] = {
+	{.name = "ttl-lt", .id = O_TTL_LT, .excl = F_ANY, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+	{.name = "ttl-gt", .id = O_TTL_GT, .excl = F_ANY, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+	{.name = "ttl-eq", .id = O_TTL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+	{.name = "ttl", .id = O_TTL_EQ, .excl = F_ANY, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_PUT, XTOPT_POINTER(s, ttl)},
+	XTOPT_TABLEEND,
 };
+#undef s
 
 static struct xtables_match ttl_mt_reg = {
 	.name		= "ttl",
@@ -148,11 +121,11 @@ static struct xtables_match ttl_mt_reg = {
 	.size		= XT_ALIGN(sizeof(struct ipt_ttl_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct ipt_ttl_info)),
 	.help		= ttl_help,
-	.parse		= ttl_parse,
-	.final_check	= ttl_check,
 	.print		= ttl_print,
 	.save		= ttl_save,
-	.extra_opts	= ttl_opts,
+	.x6_parse	= ttl_parse,
+	.x6_fcheck	= ttl_check,
+	.x6_options	= ttl_opts,
 };
 
 
-- 
1.7.1

[PATCH 04/28] libxtables: XTTYPE_UINT32RC support

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/xtables.h.in |    6 ++++-
 xtoptions.c          |   55 +++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 59 insertions(+), 2 deletions(-)

diff --git a/include/xtables.h.in b/include/xtables.h.in
index dc074bc..3e596e0 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -48,11 +48,13 @@ struct in_addr;
 /**
  * %XTTYPE_NONE:	option takes no argument
  * %XTTYPE_UINT*:	standard integer
+ * %XTTYPE_UINT*RC:	colon-separated range of standard integers
  */
 enum xt_option_type {
 	XTTYPE_NONE,
 	XTTYPE_UINT8,
 	XTTYPE_UINT32,
+	XTTYPE_UINT32RC,
 };
 
 /**
@@ -96,6 +98,7 @@ struct xt_option_entry {
  * @data:	per-extension data block
  * @xflags:	options of the extension that have been used
  * @invert:	whether option was used with !
+ * @nvals:	number of results in uXX_multi
  * @val:	parsed result
  */
 struct xt_option_call {
@@ -104,9 +107,10 @@ struct xt_option_call {
 	void *data;
 	unsigned int xflags;
 	bool invert;
+	uint8_t nvals;
 	union {
 		uint8_t u8;
-		uint32_t u32;
+		uint32_t u32, u32_range[2];
 	} val;
 };
 
diff --git a/xtoptions.c b/xtoptions.c
index 693c06d..03c629e 100644
--- a/xtoptions.c
+++ b/xtoptions.c
@@ -113,14 +113,66 @@ static void xtopt_parse_int(struct xt_option_call *cb)
 	}
 }
 
+/**
+ * Multiple integer parse routine.
+ *
+ * This function is capable of parsing any number of fields. Only the first
+ * two values from the string will be put into @cb however (and as such,
+ * @cb->val.uXX_range is just that large) to cater for the few extensions that
+ * do not have a range[2] field, but {min, max}, and which cannot use
+ * XTOPT_POINTER.
+ */
+static void xtopt_parse_mint(struct xt_option_call *cb)
+{
+	const struct xt_option_entry *entry = cb->entry;
+	const char *arg = cb->arg;
+	uint32_t *put = XTOPT_MKPTR(cb);
+	unsigned int maxiter, value;
+	char *end = "";
+	char sep = ':';
+
+	maxiter = entry->size / sizeof(uint32_t);
+	if (maxiter == 0)
+		maxiter = 2; /* ARRAY_SIZE(cb->val.uXX_range) */
+	if (entry->size % sizeof(uint32_t) != 0)
+		xt_params->exit_err(OTHER_PROBLEM, "%s: memory block does "
+			"not have proper size\n", __func__);
+
+	cb->nvals = 0;
+	for (arg = cb->arg; ; arg = end + 1) {
+		if (cb->nvals == maxiter)
+			xt_params->exit_err(PARAMETER_PROBLEM, "%s: Too many "
+				"components for option \"--%s\" (max: %u)\n",
+				cb->ext_name, entry->name, maxiter);
+		if (!xtables_strtoui(arg, &end, &value, 0, UINT32_MAX))
+			xt_params->exit_err(PARAMETER_PROBLEM,
+				"%s: bad value for option \"--%s\", "
+				"or out of range (0-%u).\n",
+				cb->ext_name, entry->name, UINT32_MAX);
+		if (*end != '\0' && *end != sep)
+			xt_params->exit_err(PARAMETER_PROBLEM,
+				"%s: Argument to \"--%s\" has unexpected "
+				"characters.\n", cb->ext_name, entry->name);
+		++cb->nvals;
+		if (cb->nvals < ARRAY_SIZE(cb->val.u32_range))
+			cb->val.u32_range[cb->nvals] = value;
+		if (entry->flags & XTOPT_PUT)
+			*put++ = value;
+		if (*end == '\0')
+			break;
+	}
+}
+
 static void (*const xtopt_subparse[])(struct xt_option_call *) = {
 	[XTTYPE_UINT8]       = xtopt_parse_int,
 	[XTTYPE_UINT32]      = xtopt_parse_int,
+	[XTTYPE_UINT32RC]    = xtopt_parse_mint,
 };
 
 static const size_t xtopt_psize[] = {
 	[XTTYPE_UINT8]       = sizeof(uint8_t),
 	[XTTYPE_UINT32]      = sizeof(uint32_t),
+	[XTTYPE_UINT32RC]    = sizeof(uint32_t[2]),
 };
 
 /**
@@ -180,7 +232,8 @@ void xtables_option_metavalidate(const char *name,
 				"%s: entry type of option \"--%s\" cannot be "
 				"combined with XTOPT_PUT\n",
 				name, entry->name);
-		if (xtopt_psize[entry->type] != entry->size)
+		if (xtopt_psize[entry->type] != -1 &&
+		    xtopt_psize[entry->type] != entry->size)
 			xt_params->exit_err(OTHER_PROBLEM,
 				"%s: option \"--%s\" points to a memory block "
 				"of wrong size (expected %zu, got %zu)\n",
-- 
1.7.1

[PATCH 05/28] libip[6]t_ah: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_ah.c |  112 +++++++++++-----------------------------------
 extensions/libipt_ah.c  |   89 +++++++------------------------------
 2 files changed, 43 insertions(+), 158 deletions(-)

diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c
index 2922047..d30ddfa 100644
--- a/extensions/libip6t_ah.c
+++ b/extensions/libip6t_ah.c
@@ -1,14 +1,13 @@
-/* Shared library add-on to ip6tables to add AH support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <errno.h>
 #include <xtables.h>
 #include <linux/netfilter_ipv6/ip6t_ah.h>
 
+enum {
+	O_AHSPI = 0,
+	O_AHLEN,
+	O_AHRES,
+};
+
 static void ah_help(void)
 {
 	printf(
@@ -18,55 +17,16 @@ static void ah_help(void)
 " --ahres                       check the reserved field too\n");
 }
 
-static const struct option ah_opts[] = {
-	{.name = "ahspi", .has_arg = true,  .val = '1'},
-	{.name = "ahlen", .has_arg = true,  .val = '2'},
-	{.name = "ahres", .has_arg = false, .val = '3'},
-	XT_GETOPT_TABLEEND,
+#define s struct ip6t_ah
+static const struct xt_option_entry ah_opts[] = {
+	{.name = "ahspi", .id = O_AHSPI, .type = XTTYPE_UINT32RC,
+	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spis)},
+	{.name = "ahlen", .id = O_AHLEN, .type = XTTYPE_UINT32,
+	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdrlen)},
+	{.name = "ahres", .id = O_AHRES, .type = XTTYPE_NONE},
+	XTOPT_TABLEEND,
 };
-
-static uint32_t
-parse_ah_spi(const char *spistr, const char *typestr)
-{
-	unsigned long int spi;
-	char* ep;
-
-	spi = strtoul(spistr, &ep, 0);
-
-	if ( spistr == ep )
-		xtables_error(PARAMETER_PROBLEM,
-			   "AH no valid digits in %s `%s'", typestr, spistr);
-
-	if ( spi == ULONG_MAX  && errno == ERANGE )
-		xtables_error(PARAMETER_PROBLEM,
-			   "%s `%s' specified too big: would overflow",
-			   typestr, spistr);
-
-	if ( *spistr != '\0'  && *ep != '\0' )
-		xtables_error(PARAMETER_PROBLEM,
-			   "AH error parsing %s `%s'", typestr, spistr);
-
-	return spi;
-}
-
-static void
-parse_ah_spis(const char *spistring, uint32_t *spis)
-{
-	char *buffer;
-	char *cp;
-
-	buffer = strdup(spistring);
-	if ((cp = strchr(buffer, ':')) == NULL)
-		spis[0] = spis[1] = parse_ah_spi(buffer, "spi");
-	else {
-		*cp = '\0';
-		cp++;
-
-		spis[0] = buffer[0] ? parse_ah_spi(buffer, "spi") : 0;
-		spis[1] = cp[0] ? parse_ah_spi(cp, "spi") : 0xFFFFFFFF;
-	}
-	free(buffer);
-}
+#undef s
 
 static void ah_init(struct xt_entry_match *m)
 {
@@ -75,42 +35,24 @@ static void ah_init(struct xt_entry_match *m)
 	ahinfo->spis[1] = 0xFFFFFFFF;
 }
 
-static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
-                    const void *entry, struct xt_entry_match **match)
+static void ah_parse(struct xt_option_call *cb)
 {
-	struct ip6t_ah *ahinfo = (struct ip6t_ah *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags & IP6T_AH_SPI)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--ahspi' allowed");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_ah_spis(optarg, ahinfo->spis);
-		if (invert)
+	struct ip6t_ah *ahinfo = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_AHSPI:
+		if (cb->invert)
 			ahinfo->invflags |= IP6T_AH_INV_SPI;
-		*flags |= IP6T_AH_SPI;
 		break;
-	case '2':
-		if (*flags & IP6T_AH_LEN)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--ahlen' allowed");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		ahinfo->hdrlen = parse_ah_spi(optarg, "length");
-		if (invert)
+	case O_AHLEN:
+		if (cb->invert)
 			ahinfo->invflags |= IP6T_AH_INV_LEN;
-		*flags |= IP6T_AH_LEN;
 		break;
-	case '3':
-		if (*flags & IP6T_AH_RES)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--ahres' allowed");
+	case O_AHRES:
 		ahinfo->hdrres = 1;
-		*flags |= IP6T_AH_RES;
 		break;
 	}
-
-	return 1;
 }
 
 static void
@@ -191,10 +133,10 @@ static struct xtables_match ah_mt6_reg = {
 	.userspacesize = XT_ALIGN(sizeof(struct ip6t_ah)),
 	.help          = ah_help,
 	.init          = ah_init,
-	.parse         = ah_parse,
 	.print         = ah_print,
 	.save          = ah_save,
-	.extra_opts    = ah_opts,
+	.x6_parse      = ah_parse,
+	.x6_options    = ah_opts,
 };
 
 void
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index c50eecc..53adfd8 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -1,14 +1,11 @@
-/* Shared library add-on to iptables to add AH support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <errno.h>
 #include <xtables.h>
 #include <linux/netfilter_ipv4/ipt_ah.h>
 
+enum {
+	O_AHSPI = 0,
+};
+
 static void ah_help(void)
 {
 	printf(
@@ -17,53 +14,13 @@ static void ah_help(void)
 "				match spi (range)\n");
 }
 
-static const struct option ah_opts[] = {
-	{.name = "ahspi", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry ah_opts[] = {
+	{.name = "ahspi", .id = O_AHSPI, .type = XTTYPE_UINT32RC,
+	 .flags = XTOPT_INVERT | XTOPT_PUT,
+	 XTOPT_POINTER(struct ipt_ah, spis)},
+	XTOPT_TABLEEND,
 };
 
-static uint32_t
-parse_ah_spi(const char *spistr)
-{
-	unsigned long int spi;
-	char* ep;
-
-	spi =  strtoul(spistr,&ep,0) ;
-
-	if ( spistr == ep ) {
-		xtables_error(PARAMETER_PROBLEM,
-			   "AH no valid digits in spi `%s'", spistr);
-	}
-	if ( spi == ULONG_MAX  && errno == ERANGE ) {
-		xtables_error(PARAMETER_PROBLEM,
-			   "spi `%s' specified too big: would overflow", spistr);
-	}	
-	if ( *spistr != '\0'  && *ep != '\0' ) {
-		xtables_error(PARAMETER_PROBLEM,
-			   "AH error parsing spi `%s'", spistr);
-	}
-	return spi;
-}
-
-static void
-parse_ah_spis(const char *spistring, uint32_t *spis)
-{
-	char *buffer;
-	char *cp;
-
-	buffer = strdup(spistring);
-	if ((cp = strchr(buffer, ':')) == NULL)
-		spis[0] = spis[1] = parse_ah_spi(buffer);
-	else {
-		*cp = '\0';
-		cp++;
-
-		spis[0] = buffer[0] ? parse_ah_spi(buffer) : 0;
-		spis[1] = cp[0] ? parse_ah_spi(cp) : 0xFFFFFFFF;
-	}
-	free(buffer);
-}
-
 static void ah_init(struct xt_entry_match *m)
 {
 	struct ipt_ah *ahinfo = (struct ipt_ah *)m->data;
@@ -71,27 +28,13 @@ static void ah_init(struct xt_entry_match *m)
 	ahinfo->spis[1] = 0xFFFFFFFF;
 }
 
-#define AH_SPI 0x01
-
-static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
-                    const void *entry, struct xt_entry_match **match)
+static void ah_parse(struct xt_option_call *cb)
 {
-	struct ipt_ah *ahinfo = (struct ipt_ah *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags & AH_SPI)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--ahspi' allowed");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_ah_spis(optarg, ahinfo->spis);
-		if (invert)
-			ahinfo->invflags |= IPT_AH_INV_SPI;
-		*flags |= AH_SPI;
-		break;
-	}
+	struct ipt_ah *ahinfo = cb->data;
 
-	return 1;
+	xtables_option_parse(cb);
+	if (cb->invert)
+		ahinfo->invflags |= IPT_AH_INV_SPI;
 }
 
 static void
@@ -155,10 +98,10 @@ static struct xtables_match ah_mt_reg = {
 	.userspacesize 	= XT_ALIGN(sizeof(struct ipt_ah)),
 	.help 		= ah_help,
 	.init 		= ah_init,
-	.parse 		= ah_parse,
 	.print 		= ah_print,
 	.save 		= ah_save,
-	.extra_opts 	= ah_opts,
+	.x6_parse	= ah_parse,
+	.x6_options	= ah_opts,
 };
 
 void
-- 
1.7.1

[PATCH 06/28] libip6t_frag: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_frag.c |  145 +++++++++++----------------------------------
 1 files changed, 36 insertions(+), 109 deletions(-)

diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index 19aca4c..12794e4 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -1,14 +1,18 @@
-/* Shared library add-on to ip6tables to add Fragmentation header support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <errno.h>
 #include <xtables.h>
 #include <linux/netfilter_ipv6/ip6t_frag.h>
 
+enum {
+	O_FRAGID = 0,
+	O_FRAGLEN,
+	O_FRAGRES,
+	O_FRAGFIRST,
+	O_FRAGMORE,
+	O_FRAGLAST,
+	F_FRAGMORE = 1 << O_FRAGMORE,
+	F_FRAGLAST = 1 << O_FRAGLAST,
+};
+
 static void frag_help(void)
 {
 	printf(
@@ -21,58 +25,21 @@ static void frag_help(void)
 "                               is the last one\n");
 }
 
-static const struct option frag_opts[] = {
-	{.name = "fragid",    .has_arg = true,  .val = '1'},
-	{.name = "fraglen",   .has_arg = true,  .val = '2'},
-	{.name = "fragres",   .has_arg = false, .val = '3'},
-	{.name = "fragfirst", .has_arg = false, .val = '4'},
-	{.name = "fragmore",  .has_arg = false, .val = '5'},
-	{.name = "fraglast",  .has_arg = false, .val = '6'},
-	XT_GETOPT_TABLEEND,
+#define s struct ip6t_frag
+static const struct xt_option_entry frag_opts[] = {
+	{.name = "fragid", .id = O_FRAGID, .type = XTTYPE_UINT32RC,
+	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, ids)},
+	{.name = "fraglen", .id = O_FRAGLEN, .type = XTTYPE_UINT32,
+	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, hdrlen)},
+	{.name = "fragres", .id = O_FRAGRES, .type = XTTYPE_NONE},
+	{.name = "fragfirst", .id = O_FRAGFIRST, .type = XTTYPE_NONE},
+	{.name = "fragmore", .id = O_FRAGMORE, .type = XTTYPE_NONE,
+	 .excl = F_FRAGLAST},
+	{.name = "fraglast", .id = O_FRAGLAST, .type = XTTYPE_NONE,
+	 .excl = F_FRAGMORE},
+	XTOPT_TABLEEND,
 };
-
-static uint32_t
-parse_frag_id(const char *idstr, const char *typestr)
-{
-	unsigned long int id;
-	char* ep;
-
-	id = strtoul(idstr, &ep, 0);
-
-	if ( idstr == ep ) {
-		xtables_error(PARAMETER_PROBLEM,
-			   "FRAG no valid digits in %s `%s'", typestr, idstr);
-	}
-	if ( id == ULONG_MAX  && errno == ERANGE ) {
-		xtables_error(PARAMETER_PROBLEM,
-			   "%s `%s' specified too big: would overflow",
-			   typestr, idstr);
-	}	
-	if ( *idstr != '\0'  && *ep != '\0' ) {
-		xtables_error(PARAMETER_PROBLEM,
-			   "FRAG error parsing %s `%s'", typestr, idstr);
-	}
-	return id;
-}
-
-static void
-parse_frag_ids(const char *idstring, uint32_t *ids)
-{
-	char *buffer;
-	char *cp;
-
-	buffer = strdup(idstring);
-	if ((cp = strchr(buffer, ':')) == NULL)
-		ids[0] = ids[1] = parse_frag_id(buffer,"id");
-	else {
-		*cp = '\0';
-		cp++;
-
-		ids[0] = buffer[0] ? parse_frag_id(buffer,"id") : 0;
-		ids[1] = cp[0] ? parse_frag_id(cp,"id") : 0xFFFFFFFF;
-	}
-	free(buffer);
-}
+#undef s
 
 static void frag_init(struct xt_entry_match *m)
 {
@@ -81,65 +48,25 @@ static void frag_init(struct xt_entry_match *m)
 	fraginfo->ids[1] = 0xFFFFFFFF;
 }
 
-static int frag_parse(int c, char **argv, int invert, unsigned int *flags,
-                      const void *entry, struct xt_entry_match **match)
+static void frag_parse(struct xt_option_call *cb)
 {
-	struct ip6t_frag *fraginfo = (struct ip6t_frag *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags & IP6T_FRAG_IDS)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--fragid' allowed");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_frag_ids(optarg, fraginfo->ids);
-		if (invert)
-			fraginfo->invflags |= IP6T_FRAG_INV_IDS;
-		fraginfo->flags |= IP6T_FRAG_IDS;
-		*flags |= IP6T_FRAG_IDS;
-		break;
-	case '2':
-		if (*flags & IP6T_FRAG_LEN)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--fraglen' allowed");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		fraginfo->hdrlen = parse_frag_id(optarg, "length");
-		if (invert)
-			fraginfo->invflags |= IP6T_FRAG_INV_LEN;
-		fraginfo->flags |= IP6T_FRAG_LEN;
-		*flags |= IP6T_FRAG_LEN;
-		break;
-	case '3':
-		if (*flags & IP6T_FRAG_RES)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--fragres' allowed");
+	struct ip6t_frag *fraginfo = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_FRAGRES:
 		fraginfo->flags |= IP6T_FRAG_RES;
-		*flags |= IP6T_FRAG_RES;
 		break;
-	case '4':
-		if (*flags & IP6T_FRAG_FST)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--fragfirst' allowed");
+	case O_FRAGFIRST:
 		fraginfo->flags |= IP6T_FRAG_FST;
-		*flags |= IP6T_FRAG_FST;
 		break;
-	case '5':
-		if (*flags & (IP6T_FRAG_MF|IP6T_FRAG_NMF)) 
-			xtables_error(PARAMETER_PROBLEM,
-			   "Only one `--fragmore' or `--fraglast' allowed");
+	case O_FRAGMORE:
 		fraginfo->flags |= IP6T_FRAG_MF;
-		*flags |= IP6T_FRAG_MF;
 		break;
-	case '6':
-		if (*flags & (IP6T_FRAG_MF|IP6T_FRAG_NMF)) 
-			xtables_error(PARAMETER_PROBLEM,
-			   "Only one `--fragmore' or `--fraglast' allowed");
+	case O_FRAGLAST:
 		fraginfo->flags |= IP6T_FRAG_NMF;
-		*flags |= IP6T_FRAG_NMF;
 		break;
 	}
-
-	return 1;
 }
 
 static void
@@ -234,10 +161,10 @@ static struct xtables_match frag_mt6_reg = {
 	.userspacesize = XT_ALIGN(sizeof(struct ip6t_frag)),
 	.help          = frag_help,
 	.init          = frag_init,
-	.parse         = frag_parse,
 	.print         = frag_print,
 	.save          = frag_save,
-	.extra_opts    = frag_opts,
+	.x6_parse      = frag_parse,
+	.x6_options    = frag_opts,
 };
 
 void
-- 
1.7.1

[PATCH 07/28] libxt_esp: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_esp.c |   95 ++++++++----------------------------------------
 1 files changed, 16 insertions(+), 79 deletions(-)

diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c
index 1769868..e9d7990 100644
--- a/extensions/libxt_esp.c
+++ b/extensions/libxt_esp.c
@@ -1,16 +1,11 @@
-/* Shared library add-on to iptables to add ESP support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <errno.h>
-#include <limits.h>
-
 #include <xtables.h>
 #include <linux/netfilter/xt_esp.h>
 
+enum {
+	O_ESPSPI = 0,
+};
+
 static void esp_help(void)
 {
 	printf(
@@ -19,56 +14,13 @@ static void esp_help(void)
 "				match spi (range)\n");
 }
 
-static const struct option esp_opts[] = {
-	{.name = "espspi", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry esp_opts[] = {
+	{.name = "espspi", .id = O_ESPSPI, .type = XTTYPE_UINT32RC,
+	 .flags = XTOPT_INVERT | XTOPT_PUT,
+	 XTOPT_POINTER(struct xt_esp, spis)},
+	XTOPT_TABLEEND,
 };
 
-static uint32_t
-parse_esp_spi(const char *spistr)
-{
-	unsigned long int spi;
-	char* ep;
-
-	spi =  strtoul(spistr,&ep,0) ;
-
-	if ( spistr == ep ) {
-		xtables_error(PARAMETER_PROBLEM,
-			   "ESP no valid digits in spi `%s'", spistr);
-	}
-	if ( spi == ULONG_MAX  && errno == ERANGE ) {
-		xtables_error(PARAMETER_PROBLEM,
-			   "spi `%s' specified too big: would overflow", spistr);
-	}	
-	if ( *spistr != '\0'  && *ep != '\0' ) {
-		xtables_error(PARAMETER_PROBLEM,
-			   "ESP error parsing spi `%s'", spistr);
-	}
-	return spi;
-}
-
-static void
-parse_esp_spis(const char *spistring, uint32_t *spis)
-{
-	char *buffer;
-	char *cp;
-
-	buffer = strdup(spistring);
-	if ((cp = strchr(buffer, ':')) == NULL)
-		spis[0] = spis[1] = parse_esp_spi(buffer);
-	else {
-		*cp = '\0';
-		cp++;
-
-		spis[0] = buffer[0] ? parse_esp_spi(buffer) : 0;
-		spis[1] = cp[0] ? parse_esp_spi(cp) : 0xFFFFFFFF;
-		if (spis[0] > spis[1])
-			xtables_error(PARAMETER_PROBLEM,
-				   "Invalid ESP spi range: %s", spistring);
-	}
-	free(buffer);
-}
-
 static void esp_init(struct xt_entry_match *m)
 {
 	struct xt_esp *espinfo = (struct xt_esp *)m->data;
@@ -76,28 +28,13 @@ static void esp_init(struct xt_entry_match *m)
 	espinfo->spis[1] = 0xFFFFFFFF;
 }
 
-#define ESP_SPI 0x01
-
-static int
-esp_parse(int c, char **argv, int invert, unsigned int *flags,
-          const void *entry, struct xt_entry_match **match)
+static void esp_parse(struct xt_option_call *cb)
 {
-	struct xt_esp *espinfo = (struct xt_esp *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags & ESP_SPI)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--espspi' allowed");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_esp_spis(optarg, espinfo->spis);
-		if (invert)
-			espinfo->invflags |= XT_ESP_INV_SPI;
-		*flags |= ESP_SPI;
-		break;
-	}
+	struct xt_esp *espinfo = cb->data;
 
-	return 1;
+	xtables_option_parse(cb);
+	if (cb->invert)
+		espinfo->invflags |= XT_ESP_INV_SPI;
 }
 
 static void
@@ -155,10 +92,10 @@ static struct xtables_match esp_match = {
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_esp)),
 	.help		= esp_help,
 	.init		= esp_init,
-	.parse		= esp_parse,
 	.print		= esp_print,
 	.save		= esp_save,
-	.extra_opts	= esp_opts,
+	.x6_parse	= esp_parse,
+	.x6_options	= esp_opts,
 };
 
 void
-- 
1.7.1

[PATCH 08/28] libxtables: XTTYPE_STRING support

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/xtables.h.in |    2 ++
 xtoptions.c          |   25 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/include/xtables.h.in b/include/xtables.h.in
index 3e596e0..c3c8da9 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -49,12 +49,14 @@ struct in_addr;
  * %XTTYPE_NONE:	option takes no argument
  * %XTTYPE_UINT*:	standard integer
  * %XTTYPE_UINT*RC:	colon-separated range of standard integers
+ * %XTTYPE_STRING:	arbitrary string
  */
 enum xt_option_type {
 	XTTYPE_NONE,
 	XTTYPE_UINT8,
 	XTTYPE_UINT32,
 	XTTYPE_UINT32RC,
+	XTTYPE_STRING,
 };
 
 /**
diff --git a/xtoptions.c b/xtoptions.c
index 03c629e..631e7a3 100644
--- a/xtoptions.c
+++ b/xtoptions.c
@@ -163,16 +163,41 @@ static void xtopt_parse_mint(struct xt_option_call *cb)
 	}
 }
 
+static void xtopt_parse_string(struct xt_option_call *cb)
+{
+	const struct xt_option_entry *entry = cb->entry;
+	size_t z = strlen(cb->arg);
+	char *p;
+
+	if (entry->min != 0 && z < entry->min)
+		xt_params->exit_err(PARAMETER_PROBLEM,
+			"Argument must have a minimum length of "
+			"%u characters\n", entry->min);
+	if (entry->max != 0 && z > entry->max)
+		xt_params->exit_err(PARAMETER_PROBLEM,
+			"Argument must have a maximum length of "
+			"%u characters\n", entry->max);
+	if (!(entry->flags & XTOPT_PUT))
+		return;
+	if (z >= entry->size)
+		z = entry->size - 1;
+	p = XTOPT_MKPTR(cb);
+	strncpy(p, cb->arg, z);
+	p[z] = '\0';
+}
+
 static void (*const xtopt_subparse[])(struct xt_option_call *) = {
 	[XTTYPE_UINT8]       = xtopt_parse_int,
 	[XTTYPE_UINT32]      = xtopt_parse_int,
 	[XTTYPE_UINT32RC]    = xtopt_parse_mint,
+	[XTTYPE_STRING]      = xtopt_parse_string,
 };
 
 static const size_t xtopt_psize[] = {
 	[XTTYPE_UINT8]       = sizeof(uint8_t),
 	[XTTYPE_UINT32]      = sizeof(uint32_t),
 	[XTTYPE_UINT32RC]    = sizeof(uint32_t[2]),
+	[XTTYPE_STRING]      = -1,
 };
 
 /**
-- 
1.7.1

[PATCH 09/28] libip[6]t_REJECT: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_REJECT.c |   48 ++++++++++++++++-------------------
 extensions/libipt_REJECT.c  |   58 +++++++++++++++++++-----------------------
 2 files changed, 48 insertions(+), 58 deletions(-)

diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c
index f906ab8..8085321 100644
--- a/extensions/libip6t_REJECT.c
+++ b/extensions/libip6t_REJECT.c
@@ -5,11 +5,8 @@
  * ported to IPv6 by Harald Welte <laforge@gnumonks.org>
  *
  */
-#include <stdbool.h>
 #include <stdio.h>
 #include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
 #include <linux/netfilter_ipv6/ip6t_REJECT.h>
 
@@ -20,6 +17,10 @@ struct reject_names {
 	const char *desc;
 };
 
+enum {
+	O_REJECT_WITH = 0,
+};
+
 static const struct reject_names reject_table[] = {
 	{"icmp6-no-route", "no-route",
 		IP6T_ICMP6_NO_ROUTE, "ICMPv6 no route"},
@@ -61,9 +62,9 @@ static void REJECT_help(void)
 	print_reject_types();
 }
 
-static const struct option REJECT_opts[] = {
-	{.name = "reject-with", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry REJECT_opts[] = {
+	{.name = "reject-with", .id = O_REJECT_WITH, .type = XTTYPE_STRING},
+	XTOPT_TABLEEND,
 };
 
 static void REJECT_init(struct xt_entry_target *t)
@@ -75,27 +76,22 @@ static void REJECT_init(struct xt_entry_target *t)
 
 }
 
-static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags,
-                        const void *entry, struct xt_entry_target **target)
+static void REJECT_parse(struct xt_option_call *cb)
 {
-	struct ip6t_reject_info *reject = 
-		(struct ip6t_reject_info *)(*target)->data;
+	struct ip6t_reject_info *reject = cb->data;
 	unsigned int i;
 
-	switch(c) {
-	case '1':
-		if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
-			xtables_error(PARAMETER_PROBLEM,
-				   "Unexpected `!' after --reject-with");
-		for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
-			if ((strncasecmp(reject_table[i].name, optarg, strlen(optarg)) == 0)
-			    || (strncasecmp(reject_table[i].alias, optarg, strlen(optarg)) == 0)) {
-				reject->with = reject_table[i].with;
-				return 1;
-			}
-		xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg);
-	}
-	return 0;
+	xtables_option_parse(cb);
+	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
+		if (strncasecmp(reject_table[i].name,
+		      cb->arg, strlen(cb->arg)) == 0 ||
+		    strncasecmp(reject_table[i].alias,
+		      cb->arg, strlen(cb->arg)) == 0) {
+			reject->with = reject_table[i].with;
+			return;
+		}
+	xtables_error(PARAMETER_PROBLEM,
+		"unknown reject type \"%s\"", cb->arg);
 }
 
 static void REJECT_print(const void *ip, const struct xt_entry_target *target,
@@ -132,10 +128,10 @@ static struct xtables_target reject_tg6_reg = {
 	.userspacesize 	= XT_ALIGN(sizeof(struct ip6t_reject_info)),
 	.help		= REJECT_help,
 	.init		= REJECT_init,
-	.parse		= REJECT_parse,
 	.print		= REJECT_print,
 	.save		= REJECT_save,
-	.extra_opts	= REJECT_opts,
+	.x6_parse	= REJECT_parse,
+	.x6_options	= REJECT_opts,
 };
 
 void _init(void)
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index 0ed58cb..362c65e 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -2,11 +2,8 @@
  *
  * (C) 2000 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
  */
-#include <stdbool.h>
 #include <stdio.h>
 #include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
 #include <linux/netfilter_ipv4/ipt_REJECT.h>
 #include <linux/version.h>
@@ -27,6 +24,10 @@ struct reject_names {
 	const char *desc;
 };
 
+enum {
+	O_REJECT_WITH = 0,
+};
+
 static const struct reject_names reject_table[] = {
 	{"icmp-net-unreachable", "net-unreach",
 		IPT_ICMP_NET_UNREACHABLE, "ICMP network unreachable"},
@@ -76,9 +77,9 @@ static void REJECT_help(void)
 	printf("(*) See man page or read the INCOMPATIBILITES file for compatibility issues.\n");
 }
 
-static const struct option REJECT_opts[] = {
-	{.name = "reject-with", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry REJECT_opts[] = {
+	{.name = "reject-with", .id = O_REJECT_WITH, .type = XTTYPE_STRING},
+	XTOPT_TABLEEND,
 };
 
 static void REJECT_init(struct xt_entry_target *t)
@@ -90,34 +91,27 @@ static void REJECT_init(struct xt_entry_target *t)
 
 }
 
-static int REJECT_parse(int c, char **argv, int invert, unsigned int *flags,
-                        const void *entry, struct xt_entry_target **target)
+static void REJECT_parse(struct xt_option_call *cb)
 {
-	struct ipt_reject_info *reject = (struct ipt_reject_info *)(*target)->data;
-	static const unsigned int limit = ARRAY_SIZE(reject_table);
+	struct ipt_reject_info *reject = cb->data;
 	unsigned int i;
 
-	switch(c) {
-	case '1':
-		if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
-			xtables_error(PARAMETER_PROBLEM,
-				   "Unexpected `!' after --reject-with");
-		for (i = 0; i < limit; i++) {
-			if ((strncasecmp(reject_table[i].name, optarg, strlen(optarg)) == 0)
-			    || (strncasecmp(reject_table[i].alias, optarg, strlen(optarg)) == 0)) {
-				reject->with = reject_table[i].with;
-				return 1;
-			}
+	xtables_option_parse(cb);
+	for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
+		if (strncasecmp(reject_table[i].name,
+		      cb->arg, strlen(cb->arg)) == 0 ||
+		    strncasecmp(reject_table[i].alias,
+		      cb->arg, strlen(cb->arg)) == 0) {
+			reject->with = reject_table[i].with;
+			return;
 		}
-		/* This due to be dropped late in 2.4 pre-release cycle --RR */
-		if (strncasecmp("echo-reply", optarg, strlen(optarg)) == 0
-		    || strncasecmp("echoreply", optarg, strlen(optarg)) == 0)
-			fprintf(stderr, "--reject-with echo-reply no longer"
-				" supported\n");
-		xtables_error(PARAMETER_PROBLEM, "unknown reject type \"%s\"", optarg);
-		break;
-	}
-	return 0;
+	/* This due to be dropped late in 2.4 pre-release cycle --RR */
+	if (strncasecmp("echo-reply", cb->arg, strlen(cb->arg)) == 0 ||
+	    strncasecmp("echoreply", cb->arg, strlen(cb->arg)) == 0)
+		fprintf(stderr, "--reject-with echo-reply no longer"
+			" supported\n");
+	xtables_error(PARAMETER_PROBLEM,
+		"unknown reject type \"%s\"", cb->arg);
 }
 
 static void REJECT_print(const void *ip, const struct xt_entry_target *target,
@@ -154,10 +148,10 @@ static struct xtables_target reject_tg_reg = {
 	.userspacesize	= XT_ALIGN(sizeof(struct ipt_reject_info)),
 	.help		= REJECT_help,
 	.init		= REJECT_init,
-	.parse		= REJECT_parse,
 	.print		= REJECT_print,
 	.save		= REJECT_save,
-	.extra_opts	= REJECT_opts,
+	.x6_parse	= REJECT_parse,
+	.x6_options	= REJECT_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 10/28] libip6t_dst: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_dst.c |   61 +++++++++++++++-------------------------------
 1 files changed, 20 insertions(+), 41 deletions(-)

diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c
index 74f6029..4125bd3 100644
--- a/extensions/libip6t_dst.c
+++ b/extensions/libip6t_dst.c
@@ -1,16 +1,14 @@
-/* Shared library add-on to ip6tables to add Dst header support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <netdb.h>
 #include <string.h>
 #include <stdlib.h>
-#include <getopt.h>
 #include <errno.h>
 #include <xtables.h>
 #include <linux/netfilter_ipv6/ip6t_opts.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
+
+enum {
+	O_DSTLEN = 0,
+	O_DSTOPTS,
+};
 
 static void dst_help(void)
 {
@@ -22,10 +20,12 @@ static void dst_help(void)
 IP6T_OPTS_OPTSNR);
 }
 
-static const struct option dst_opts[] = {
-	{.name = "dst-len",        .has_arg = true, .val = '1'},
-	{.name = "dst-opts",       .has_arg = true, .val = '2'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry dst_opts[] = {
+	{.name = "dst-len", .id = O_DSTLEN, .type = XTTYPE_UINT32,
+	 .flags = XTOPT_INVERT | XTOPT_PUT,
+	 XTOPT_POINTER(struct ip6t_opts, hdrlen)},
+	{.name = "dst-opts", .id = O_DSTOPTS, .type = XTTYPE_STRING},
+	XTOPT_TABLEEND,
 };
 
 static uint32_t
@@ -105,38 +105,17 @@ parse_options(const char *optsstr, uint16_t *opts)
 	return i;
 }
 
-static int dst_parse(int c, char **argv, int invert, unsigned int *flags,
-                     const void *entry, struct xt_entry_match **match)
+static void dst_parse(struct xt_option_call *cb)
 {
-	struct ip6t_opts *optinfo = (struct ip6t_opts *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags & IP6T_OPTS_LEN)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--dst-len' allowed");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		optinfo->hdrlen = parse_opts_num(optarg, "length");
-		if (invert)
-			optinfo->invflags |= IP6T_OPTS_INV_LEN;
-		optinfo->flags |= IP6T_OPTS_LEN;
-		*flags |= IP6T_OPTS_LEN;
-		break;
-	case '2':
-		if (*flags & IP6T_OPTS_OPTS)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--dst-opts' allowed");
-                xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-                if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-				" '!' not allowed with `--dst-opts'");
-		optinfo->optsnr = parse_options(optarg, optinfo->opts);
+	struct ip6t_opts *optinfo = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_DSTOPTS:
+		optinfo->optsnr = parse_options(cb->arg, optinfo->opts);
 		optinfo->flags |= IP6T_OPTS_OPTS;
-		*flags |= IP6T_OPTS_OPTS;
 		break;
 	}
-
-	return 1;
 }
 
 static void
@@ -199,10 +178,10 @@ static struct xtables_match dst_mt6_reg = {
 	.size          = XT_ALIGN(sizeof(struct ip6t_opts)),
 	.userspacesize = XT_ALIGN(sizeof(struct ip6t_opts)),
 	.help          = dst_help,
-	.parse         = dst_parse,
 	.print         = dst_print,
 	.save          = dst_save,
-	.extra_opts    = dst_opts,
+	.x6_parse      = dst_parse,
+	.x6_options    = dst_opts,
 };
 
 void
-- 
1.7.1

[PATCH 11/28] libip6t_hbh: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_hbh.c |   61 ++++++++++++++++-----------------------------
 1 files changed, 22 insertions(+), 39 deletions(-)

diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
index b6a8e46..809e80d 100644
--- a/extensions/libip6t_hbh.c
+++ b/extensions/libip6t_hbh.c
@@ -1,19 +1,17 @@
-/* Shared library add-on to ip6tables to add Hop-by-Hop header support. */
 #include <stdio.h>
-#include <netdb.h>
 #include <string.h>
 #include <stdlib.h>
-#include <getopt.h>
 #include <errno.h>
 #include <xtables.h>
-/*#include <linux/in6.h>*/
 #include <linux/netfilter_ipv6/ip6t_opts.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
 
 #define DEBUG		0
 
+enum {
+	O_HBH_LEN = 0,
+	O_HBH_OPTS,
+};
+
 static void hbh_help(void)
 {
 	printf(
@@ -24,10 +22,12 @@ static void hbh_help(void)
 IP6T_OPTS_OPTSNR);
 }
 
-static const struct option hbh_opts[] = {
-	{.name = "hbh-len",        .has_arg = true, .val = '1'},
-	{.name = "hbh-opts",       .has_arg = true, .val = '2'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry hbh_opts[] = {
+	{.name = "hbh-len", .id = O_HBH_LEN, .type = XTTYPE_UINT32,
+	 .flags = XTOPT_INVERT | XTOPT_PUT,
+	 XTOPT_POINTER(struct ip6t_opts, hdrlen)},
+	{.name = "hbh-opts", .id = O_HBH_OPTS, .type = XTTYPE_STRING},
+	XTOPT_TABLEEND,
 };
 
 static uint32_t
@@ -99,38 +99,21 @@ parse_options(const char *optsstr, uint16_t *opts)
 	return i;
 }
 
-static int hbh_parse(int c, char **argv, int invert, unsigned int *flags,
-                     const void *entry, struct xt_entry_match **match)
+static void hbh_parse(struct xt_option_call *cb)
 {
-	struct ip6t_opts *optinfo = (struct ip6t_opts *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags & IP6T_OPTS_LEN)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--hbh-len' allowed");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		optinfo->hdrlen = parse_opts_num(optarg, "length");
-		if (invert)
+	struct ip6t_opts *optinfo = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_HBH_LEN:
+		if (cb->invert)
 			optinfo->invflags |= IP6T_OPTS_INV_LEN;
-		optinfo->flags |= IP6T_OPTS_LEN;
-		*flags |= IP6T_OPTS_LEN;
 		break;
-	case '2':
-		if (*flags & IP6T_OPTS_OPTS)
-			xtables_error(PARAMETER_PROBLEM,
-				   "Only one `--hbh-opts' allowed");
-                xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-                if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-				" '!' not allowed with `--hbh-opts'");
-		optinfo->optsnr = parse_options(optarg, optinfo->opts);
+	case O_HBH_OPTS:
+		optinfo->optsnr = parse_options(cb->arg, optinfo->opts);
 		optinfo->flags |= IP6T_OPTS_OPTS;
-		*flags |= IP6T_OPTS_OPTS;
 		break;
 	}
-
-	return 1;
 }
 
 static void
@@ -187,10 +170,10 @@ static struct xtables_match hbh_mt6_reg = {
 	.size		= XT_ALIGN(sizeof(struct ip6t_opts)),
 	.userspacesize	= XT_ALIGN(sizeof(struct ip6t_opts)),
 	.help		= hbh_help,
-	.parse		= hbh_parse,
 	.print		= hbh_print,
 	.save		= hbh_save,
-	.extra_opts	= hbh_opts,
+	.x6_parse	= hbh_parse,
+	.x6_options	= hbh_opts,
 };
 
 void
-- 
1.7.1

[PATCH 12/28] libip[6]t_icmp: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_icmp6.c |   53 ++++++++++++++-----------------------------
 extensions/libipt_icmp.c   |   47 +++++++++++++++------------------------
 2 files changed, 35 insertions(+), 65 deletions(-)

diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index fa87b69..68b940b 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -1,14 +1,14 @@
-/* Shared library add-on to ip6tables to add ICMP support. */
-#include <stdbool.h>
+#include <stdint.h>
 #include <stdio.h>
-#include <netdb.h>
 #include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
 #include <limits.h> /* INT_MAX in ip6_tables.h */
 #include <linux/netfilter_ipv6/ip6_tables.h>
 
+enum {
+	O_ICMPV6_TYPE = 0,
+};
+
 struct icmpv6_names {
 	const char *name;
 	uint8_t type;
@@ -84,9 +84,10 @@ static void icmp6_help(void)
 	print_icmpv6types();
 }
 
-static const struct option icmp6_opts[] = {
-	{.name = "icmpv6-type", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry icmp6_opts[] = {
+	{.name = "icmpv6-type", .id = O_ICMPV6_TYPE, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND | XTOPT_INVERT},
+	XTOPT_TABLEEND,
 };
 
 static void
@@ -149,26 +150,14 @@ static void icmp6_init(struct xt_entry_match *m)
 	icmpv6info->code[1] = 0xFF;
 }
 
-static int icmp6_parse(int c, char **argv, int invert, unsigned int *flags,
-                       const void *entry, struct xt_entry_match **match)
+static void icmp6_parse(struct xt_option_call *cb)
 {
-	struct ip6t_icmp *icmpv6info = (struct ip6t_icmp *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags == 1)
-			xtables_error(PARAMETER_PROBLEM,
-				   "icmpv6 match: only use --icmpv6-type once!");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_icmpv6(optarg, &icmpv6info->type, 
-			     icmpv6info->code);
-		if (invert)
-			icmpv6info->invflags |= IP6T_ICMP_INV;
-		*flags = 1;
-		break;
-	}
+	struct ip6t_icmp *icmpv6info = cb->data;
 
-	return 1;
+	xtables_option_parse(cb);
+	parse_icmpv6(cb->arg, &icmpv6info->type, icmpv6info->code);
+	if (cb->invert)
+		icmpv6info->invflags |= IP6T_ICMP_INV;
 }
 
 static void print_icmpv6type(uint8_t type,
@@ -230,13 +219,6 @@ static void icmp6_save(const void *ip, const struct xt_entry_match *match)
 		printf("/%u", icmpv6->code[0]);
 }
 
-static void icmp6_check(unsigned int flags)
-{
-	if (!flags)
-		xtables_error(PARAMETER_PROBLEM,
-			   "icmpv6 match: You must specify `--icmpv6-type'");
-}
-
 static struct xtables_match icmp6_mt6_reg = {
 	.name 		= "icmp6",
 	.version 	= XTABLES_VERSION,
@@ -245,11 +227,10 @@ static struct xtables_match icmp6_mt6_reg = {
 	.userspacesize	= XT_ALIGN(sizeof(struct ip6t_icmp)),
 	.help		= icmp6_help,
 	.init		= icmp6_init,
-	.parse		= icmp6_parse,
-	.final_check	= icmp6_check,
 	.print		= icmp6_print,
 	.save		= icmp6_save,
-	.extra_opts	= icmp6_opts,
+	.x6_parse	= icmp6_parse,
+	.x6_options	= icmp6_opts,
 };
 
 void _init(void)
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index c75713d..666e7da 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -1,12 +1,8 @@
-/* Shared library add-on to iptables to add ICMP support. */
-#include <stdbool.h>
+#include <stdint.h>
 #include <stdio.h>
-#include <netdb.h>
 #include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
-#include <limits.h> /* INT_MAX in ip_tables.h */
+#include <limits.h> /* INT_MAX in ip6_tables.h */
 #include <linux/netfilter_ipv4/ip_tables.h>
 
 /* special hack for icmp-type 'any': 
@@ -17,6 +13,10 @@
  * See: https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=37
  */
 
+enum {
+	O_ICMP_TYPE = 0,
+};
+
 struct icmp_names {
 	const char *name;
 	uint8_t type;
@@ -108,9 +108,10 @@ static void icmp_help(void)
 	print_icmptypes();
 }
 
-static const struct option icmp_opts[] = {
-	{.name = "icmp-type", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry icmp_opts[] = {
+	{.name = "icmp-type", .id = O_ICMP_TYPE, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND | XTOPT_INVERT},
+	XTOPT_TABLEEND,
 };
 
 static void 
@@ -174,26 +175,14 @@ static void icmp_init(struct xt_entry_match *m)
 	icmpinfo->code[1] = 0xFF;
 }
 
-static int icmp_parse(int c, char **argv, int invert, unsigned int *flags,
-                      const void *entry, struct xt_entry_match **match)
+static void icmp_parse(struct xt_option_call *cb)
 {
-	struct ipt_icmp *icmpinfo = (struct ipt_icmp *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags == 1)
-			xtables_error(PARAMETER_PROBLEM,
-				   "icmp match: only use --icmp-type once!");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_icmp(optarg, &icmpinfo->type, 
-			   icmpinfo->code);
-		if (invert)
-			icmpinfo->invflags |= IPT_ICMP_INV;
-		*flags = 1;
-		break;
-	}
+	struct ipt_icmp *icmpinfo = cb->data;
 
-	return 1;
+	xtables_option_parse(cb);
+	parse_icmp(cb->arg, &icmpinfo->type, icmpinfo->code);
+	if (cb->invert)
+		icmpinfo->invflags |= IPT_ICMP_INV;
 }
 
 static void print_icmptype(uint8_t type,
@@ -268,10 +257,10 @@ static struct xtables_match icmp_mt_reg = {
 	.userspacesize	= XT_ALIGN(sizeof(struct ipt_icmp)),
 	.help		= icmp_help,
 	.init		= icmp_init,
-	.parse		= icmp_parse,
 	.print		= icmp_print,
 	.save		= icmp_save,
-	.extra_opts	= icmp_opts,
+	.x6_parse	= icmp_parse,
+	.x6_options	= icmp_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 13/28] libip6t_ipv6header: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libip6t_ipv6header.c |   88 ++++++++++++---------------------------
 1 files changed, 27 insertions(+), 61 deletions(-)

diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index c05cedb..fca6f32 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -3,24 +3,18 @@ on whether they contain certain headers */
 
 /* Original idea: Brad Chapman 
  * Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */
-
-#include <getopt.h>
-#include <xtables.h>
-#include <stdbool.h>
-#include <stddef.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <netdb.h>
-#include <sys/types.h>
-
+#include <xtables.h>
 #include <linux/netfilter_ipv6/ip6t_ipv6header.h>
 
-/* This maybe required 
-#include <linux/in.h>
-#include <linux/in6.h>
-*/
-
+enum {
+	O_HEADER = 0,
+	O_SOFT,
+};
 
 /* A few hardcoded protocols for 'all' and in case the user has no
  *    /etc/protocols */
@@ -140,10 +134,11 @@ static void ipv6header_help(void)
 "--soft                    The header CONTAINS the specified extensions\n");
 }
 
-static const struct option ipv6header_opts[] = {
-	{.name = "header", .has_arg = true,  .val = '1'},
-	{.name = "soft",   .has_arg = false, .val = '2'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry ipv6header_opts[] = {
+	{.name = "header", .id = O_HEADER, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND | XTOPT_INVERT},
+	{.name = "soft", .id = O_SOFT, .type = XTTYPE_NONE},
+	XTOPT_TABLEEND,
 };
 
 static unsigned int
@@ -161,50 +156,22 @@ parse_header(const char *flags) {
         return ret;
 }
 
-#define IPV6_HDR_HEADER	0x01
-#define IPV6_HDR_SOFT	0x02
-
-static int
-ipv6header_parse(int c, char **argv, int invert, unsigned int *flags,
-                 const void *entry, struct xt_entry_match **match)
+static void ipv6header_parse(struct xt_option_call *cb)
 {
-	struct ip6t_ipv6header_info *info = (struct ip6t_ipv6header_info *)(*match)->data;
-
-	switch (c) {
-		case '1' : 
-			/* Parse the provided header names */
-			if (*flags & IPV6_HDR_HEADER)
-				xtables_error(PARAMETER_PROBLEM,
-					"Only one `--header' allowed");
-
-			xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
-			if (! (info->matchflags = parse_header(optarg)) )
-				xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
-
-			if (invert) 
-				info->invflags |= 0xFF;
-			*flags |= IPV6_HDR_HEADER;
-			break;
-		case '2' : 
-			/* Soft-mode requested? */
-			if (*flags & IPV6_HDR_SOFT)
-				xtables_error(PARAMETER_PROBLEM,
-					"Only one `--soft' allowed");
-
-			info->modeflag |= 0xFF;
-			*flags |= IPV6_HDR_SOFT;
-			break;
+	struct ip6t_ipv6header_info *info = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_HEADER:
+		if (!(info->matchflags = parse_header(cb->arg)))
+			xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
+		if (cb->invert) 
+			info->invflags |= 0xFF;
+		break;
+	case O_SOFT:
+		info->modeflag |= 0xFF;
+		break;
 	}
-
-	return 1;
-}
-
-static void ipv6header_check(unsigned int flags)
-{
-	if (!(flags & IPV6_HDR_HEADER))
-		xtables_error(PARAMETER_PROBLEM,
-			"ip6t_ipv6header: no options specified");
 }
 
 static void
@@ -266,11 +233,10 @@ static struct xtables_match ipv6header_mt6_reg = {
 	.size		= XT_ALIGN(sizeof(struct ip6t_ipv6header_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct ip6t_ipv6header_info)),
 	.help		= ipv6header_help,
-	.parse		= ipv6header_parse,
-	.final_check	= ipv6header_check,
 	.print		= ipv6header_print,
 	.save		= ipv6header_save,
-	.extra_opts	= ipv6header_opts,
+	.x6_parse	= ipv6header_parse,
+	.x6_options	= ipv6header_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 14/28] libipt_ECN: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libipt_ECN.c |   95 ++++++++++++++++++----------------------------
 extensions/libipt_ecn.c |   82 +++++++++++++++-------------------------
 2 files changed, 68 insertions(+), 109 deletions(-)

diff --git a/extensions/libipt_ECN.c b/extensions/libipt_ECN.c
index 2aa1a00..ee09f29 100644
--- a/extensions/libipt_ECN.c
+++ b/extensions/libipt_ECN.c
@@ -6,15 +6,20 @@
  *
  * libipt_ECN.c borrowed heavily from libipt_DSCP.c
  */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
 #include <linux/netfilter_ipv4/ipt_ECN.h>
 
+enum {
+	O_ECN_TCP_REMOVE = 0,
+	O_ECN_TCP_CWR,
+	O_ECN_TCP_ECE,
+	O_ECN_IP_ECT,
+	F_ECN_TCP_REMOVE = 1 << O_ECN_TCP_REMOVE,
+	F_ECN_TCP_CWR    = 1 << O_ECN_TCP_CWR,
+	F_ECN_TCP_ECE    = 1 << O_ECN_TCP_ECE,
+};
+
 static void ECN_help(void)
 {
 	printf(
@@ -29,73 +34,47 @@ static void ECN_help(void)
 "  --ecn-tcp-ece		Set the IPv4 ECE bit (0 or 1)\n",
 #endif
 
-
-static const struct option ECN_opts[] = {
-	{.name = "ecn-tcp-remove", .has_arg = false, .val = 'F'},
-	{.name = "ecn-tcp-cwr",    .has_arg = true,  .val = 'G'},
-	{.name = "ecn-tcp-ece",    .has_arg = true,  .val = 'H'},
-	{.name = "ecn-ip-ect",     .has_arg = true,  .val = '9'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry ECN_opts[] = {
+	{.name = "ecn-tcp-remove", .id = O_ECN_TCP_REMOVE, .type = XTTYPE_NONE,
+	 .excl = F_ECN_TCP_CWR | F_ECN_TCP_ECE},
+	{.name = "ecn-tcp-cwr", .id = O_ECN_TCP_CWR, .type = XTTYPE_UINT8,
+	 .min = 0, .max = 1, .excl = F_ECN_TCP_REMOVE},
+	{.name = "ecn-tcp-ece", .id = O_ECN_TCP_ECE, .type = XTTYPE_UINT8,
+	 .min = 0, .max = 1, .excl = F_ECN_TCP_REMOVE},
+	{.name = "ecn-ip-ect", .id = O_ECN_IP_ECT, .type = XTTYPE_UINT8,
+	 .min = 0, .max = 3},
+	XTOPT_TABLEEND,
 };
 
-static int ECN_parse(int c, char **argv, int invert, unsigned int *flags,
-                     const void *entry, struct xt_entry_target **target)
+static void ECN_parse(struct xt_option_call *cb)
 {
-	unsigned int result;
-	struct ipt_ECN_info *einfo
-		= (struct ipt_ECN_info *)(*target)->data;
-
-	switch (c) {
-	case 'F':
-		if (*flags)
-			xtables_error(PARAMETER_PROBLEM,
-			        "ECN target: Only use --ecn-tcp-remove ONCE!");
+	struct ipt_ECN_info *einfo = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_ECN_TCP_REMOVE:
 		einfo->operation = IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR;
 		einfo->proto.tcp.ece = 0;
 		einfo->proto.tcp.cwr = 0;
-		*flags |= IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR;
 		break;
-	case 'G':
-		if (*flags & IPT_ECN_OP_SET_CWR)
-			xtables_error(PARAMETER_PROBLEM,
-				"ECN target: Only use --ecn-tcp-cwr ONCE!");
-		if (!xtables_strtoui(optarg, NULL, &result, 0, 1))
-			xtables_error(PARAMETER_PROBLEM,
-				   "ECN target: Value out of range");
+	case O_ECN_TCP_CWR:
 		einfo->operation |= IPT_ECN_OP_SET_CWR;
-		einfo->proto.tcp.cwr = result;
-		*flags |= IPT_ECN_OP_SET_CWR;
+		einfo->proto.tcp.cwr = cb->val.u8;
 		break;
-	case 'H':
-		if (*flags & IPT_ECN_OP_SET_ECE)
-			xtables_error(PARAMETER_PROBLEM,
-				"ECN target: Only use --ecn-tcp-ece ONCE!");
-		if (!xtables_strtoui(optarg, NULL, &result, 0, 1))
-			xtables_error(PARAMETER_PROBLEM,
-				   "ECN target: Value out of range");
+	case O_ECN_TCP_ECE:
 		einfo->operation |= IPT_ECN_OP_SET_ECE;
-		einfo->proto.tcp.ece = result;
-		*flags |= IPT_ECN_OP_SET_ECE;
+		einfo->proto.tcp.ece = cb->val.u8;
 		break;
-	case '9':
-		if (*flags & IPT_ECN_OP_SET_IP)
-			xtables_error(PARAMETER_PROBLEM,
-				"ECN target: Only use --ecn-ip-ect ONCE!");
-		if (!xtables_strtoui(optarg, NULL, &result, 0, 3))
-			xtables_error(PARAMETER_PROBLEM,
-				   "ECN target: Value out of range");
+	case O_ECN_IP_ECT:
 		einfo->operation |= IPT_ECN_OP_SET_IP;
-		einfo->ip_ect = result;
-		*flags |= IPT_ECN_OP_SET_IP;
+		einfo->ip_ect = cb->val.u8;
 		break;
 	}
-
-	return 1;
 }
 
-static void ECN_check(unsigned int flags)
+static void ECN_check(struct xt_fcheck_call *cb)
 {
-	if (!flags)
+	if (cb->xflags == 0)
 		xtables_error(PARAMETER_PROBLEM,
 		           "ECN target: An operation is required");
 }
@@ -153,11 +132,11 @@ static struct xtables_target ecn_tg_reg = {
 	.size		= XT_ALIGN(sizeof(struct ipt_ECN_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct ipt_ECN_info)),
 	.help		= ECN_help,
-	.parse		= ECN_parse,
-	.final_check	= ECN_check,
 	.print		= ECN_print,
 	.save		= ECN_save,
-	.extra_opts	= ECN_opts,
+	.x6_parse	= ECN_parse,
+	.x6_fcheck	= ECN_check,
+	.x6_options	= ECN_opts,
 };
 
 void _init(void)
diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c
index d6b521f..56a0347 100644
--- a/extensions/libipt_ecn.c
+++ b/extensions/libipt_ecn.c
@@ -7,15 +7,16 @@
  * libipt_ecn.c borrowed heavily from libipt_dscp.c
  *
  */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
 #include <linux/netfilter_ipv4/ipt_ecn.h>
 
+enum {
+	O_ECN_TCP_CWR = 0,
+	O_ECN_TCP_ECE,
+	O_ECN_IP_ECT,
+};
+
 static void ecn_help(void)
 {
 	printf(
@@ -25,65 +26,44 @@ static void ecn_help(void)
 "[!] --ecn-ip-ect [0..3]	Match ECN codepoint in IPv4 header\n");
 }
 
-static const struct option ecn_opts[] = {
-	{.name = "ecn-tcp-cwr", .has_arg = false, .val = 'F'},
-	{.name = "ecn-tcp-ece", .has_arg = false, .val = 'G'},
-	{.name = "ecn-ip-ect",  .has_arg = true,  .val = 'H'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry ecn_opts[] = {
+	{.name = "ecn-tcp-cwr", .id = O_ECN_TCP_CWR, .type = XTTYPE_NONE,
+	 .flags = XTOPT_INVERT},
+	{.name = "ecn-tcp-ece", .id = O_ECN_TCP_ECE, .type = XTTYPE_NONE,
+	 .flags = XTOPT_INVERT},
+	{.name = "ecn-ip-ect", .id = O_ECN_IP_ECT, .type = XTTYPE_UINT8,
+	 .min = 0, .max = 3, .flags = XTOPT_INVERT},
+	XTOPT_TABLEEND,
 };
 
-static int ecn_parse(int c, char **argv, int invert, unsigned int *flags,
-                     const void *entry, struct xt_entry_match **match)
+static void ecn_parse(struct xt_option_call *cb)
 {
-	unsigned int result;
-	struct ipt_ecn_info *einfo
-		= (struct ipt_ecn_info *)(*match)->data;
-
-	switch (c) {
-	case 'F':
-		if (*flags & IPT_ECN_OP_MATCH_CWR)
-			xtables_error(PARAMETER_PROBLEM,
-			           "ECN match: can only use parameter ONCE!");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+	struct ipt_ecn_info *einfo = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_ECN_TCP_CWR:
 		einfo->operation |= IPT_ECN_OP_MATCH_CWR;
-		if (invert)
+		if (cb->invert)
 			einfo->invert |= IPT_ECN_OP_MATCH_CWR;
-		*flags |= IPT_ECN_OP_MATCH_CWR;
 		break;
-
-	case 'G':
-		if (*flags & IPT_ECN_OP_MATCH_ECE)
-			xtables_error(PARAMETER_PROBLEM,
-				   "ECN match: can only use parameter ONCE!");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+	case O_ECN_TCP_ECE:
 		einfo->operation |= IPT_ECN_OP_MATCH_ECE;
-		if (invert)
+		if (cb->invert)
 			einfo->invert |= IPT_ECN_OP_MATCH_ECE;
-		*flags |= IPT_ECN_OP_MATCH_ECE;
 		break;
-
-	case 'H':
-		if (*flags & IPT_ECN_OP_MATCH_IP)
-			xtables_error(PARAMETER_PROBLEM,
-				   "ECN match: can only use parameter ONCE!");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		if (invert)
+	case O_ECN_IP_ECT:
+		if (cb->invert)
 			einfo->invert |= IPT_ECN_OP_MATCH_IP;
-		*flags |= IPT_ECN_OP_MATCH_IP;
 		einfo->operation |= IPT_ECN_OP_MATCH_IP;
-		if (!xtables_strtoui(optarg, NULL, &result, 0, 3))
-			xtables_error(PARAMETER_PROBLEM,
-				   "ECN match: Value out of range");
-		einfo->ip_ect = result;
+		einfo->ip_ect = cb->val.u8;
 		break;
 	}
-
-	return 1;
 }
 
-static void ecn_check(unsigned int flags)
+static void ecn_check(struct xt_fcheck_call *cb)
 {
-	if (!flags)
+	if (cb->xflags == 0)
 		xtables_error(PARAMETER_PROBLEM,
 		           "ECN match: some option required");
 }
@@ -144,11 +124,11 @@ static struct xtables_match ecn_mt_reg = {
 	.size          = XT_ALIGN(sizeof(struct ipt_ecn_info)),
 	.userspacesize = XT_ALIGN(sizeof(struct ipt_ecn_info)),
 	.help          = ecn_help,
-	.parse         = ecn_parse,
-	.final_check   = ecn_check,
 	.print         = ecn_print,
 	.save          = ecn_save,
-	.extra_opts    = ecn_opts,
+	.x6_parse      = ecn_parse,
+	.x6_fcheck     = ecn_check,
+	.x6_options    = ecn_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 15/28] libipt_addrtype: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libipt_addrtype.c |  160 +++++++++++++++---------------------------
 1 files changed, 57 insertions(+), 103 deletions(-)

diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index a592f0d..3dec626 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -1,15 +1,22 @@
 /* Shared library add-on to iptables to add addrtype matching support 
  * 
  * This program is released under the terms of GNU GPL */
-#include <stdbool.h>
 #include <stdio.h>
-#include <stdlib.h>
 #include <string.h>
-#include <getopt.h>
 #include <xtables.h>
-
 #include <linux/netfilter_ipv4/ipt_addrtype.h>
 
+enum {
+	O_SRC_TYPE = 0,
+	O_DST_TYPE,
+	O_LIMIT_IFACE_IN,
+	O_LIMIT_IFACE_OUT,
+	F_SRC_TYPE        = 1 << O_SRC_TYPE,
+	F_DST_TYPE        = 1 << O_DST_TYPE,
+	F_LIMIT_IFACE_IN  = 1 << O_LIMIT_IFACE_IN,
+	F_LIMIT_IFACE_OUT = 1 << O_LIMIT_IFACE_OUT,
+};
+
 /* from linux/rtnetlink.h, must match order of enumeration */
 static const char *const rtn_names[] = {
 	"UNSPEC",
@@ -89,110 +96,57 @@ static void parse_types(const char *arg, uint16_t *mask)
 		xtables_error(PARAMETER_PROBLEM, "addrtype: bad type \"%s\"", arg);
 }
 	
-#define IPT_ADDRTYPE_OPT_SRCTYPE	0x1
-#define IPT_ADDRTYPE_OPT_DSTTYPE	0x2
-#define IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN		0x4
-#define IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT	0x8
-
-static int
-addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags,
-                  const void *entry, struct xt_entry_match **match)
+static void addrtype_parse_v0(struct xt_option_call *cb)
 {
-	struct ipt_addrtype_info *info =
-		(struct ipt_addrtype_info *) (*match)->data;
+	struct ipt_addrtype_info *info = cb->data;
 
-	switch (c) {
-	case '1':
-		if (*flags&IPT_ADDRTYPE_OPT_SRCTYPE)
-			xtables_error(PARAMETER_PROBLEM,
-			           "addrtype: can't specify src-type twice");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_types(optarg, &info->source);
-		if (invert)
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_SRC_TYPE:
+		parse_types(cb->arg, &info->source);
+		if (cb->invert)
 			info->invert_source = 1;
-		*flags |= IPT_ADDRTYPE_OPT_SRCTYPE;
 		break;
-	case '2':
-		if (*flags&IPT_ADDRTYPE_OPT_DSTTYPE)
-			xtables_error(PARAMETER_PROBLEM,
-			           "addrtype: can't specify dst-type twice");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_types(optarg, &info->dest);
-		if (invert)
+	case O_DST_TYPE:
+		parse_types(cb->arg, &info->dest);
+		if (cb->invert)
 			info->invert_dest = 1;
-		*flags |= IPT_ADDRTYPE_OPT_DSTTYPE;
 		break;
 	}
-	
-	return 1;
 }
 
-static int
-addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags,
-                  const void *entry, struct xt_entry_match **match)
+static void addrtype_parse_v1(struct xt_option_call *cb)
 {
-	struct ipt_addrtype_info_v1 *info =
-		(struct ipt_addrtype_info_v1 *) (*match)->data;
+	struct ipt_addrtype_info_v1 *info = cb->data;
 
-	switch (c) {
-	case '1':
-		if (*flags & IPT_ADDRTYPE_OPT_SRCTYPE)
-			xtables_error(PARAMETER_PROBLEM,
-			           "addrtype: can't specify src-type twice");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_types(optarg, &info->source);
-		if (invert)
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_SRC_TYPE:
+		parse_types(cb->arg, &info->source);
+		if (cb->invert)
 			info->flags |= IPT_ADDRTYPE_INVERT_SOURCE;
-		*flags |= IPT_ADDRTYPE_OPT_SRCTYPE;
 		break;
-	case '2':
-		if (*flags & IPT_ADDRTYPE_OPT_DSTTYPE)
-			xtables_error(PARAMETER_PROBLEM,
-			           "addrtype: can't specify dst-type twice");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_types(optarg, &info->dest);
-		if (invert)
+	case O_DST_TYPE:
+		parse_types(cb->arg, &info->dest);
+		if (cb->invert)
 			info->flags |= IPT_ADDRTYPE_INVERT_DEST;
-		*flags |= IPT_ADDRTYPE_OPT_DSTTYPE;
 		break;
-	case '3':
-		if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN)
-			xtables_error(PARAMETER_PROBLEM,
-			           "addrtype: can't specify limit-iface-in twice");
+	case O_LIMIT_IFACE_IN:
 		info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_IN;
-		*flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN;
 		break;
-	case '4':
-		if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
-			xtables_error(PARAMETER_PROBLEM,
-			           "addrtype: can't specify limit-iface-out twice");
+	case O_LIMIT_IFACE_OUT:
 		info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_OUT;
-		*flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT;
 		break;
 	}
-	
-	return 1;
 }
 
-static void addrtype_check_v0(unsigned int flags)
+static void addrtype_check(struct xt_fcheck_call *cb)
 {
-	if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE)))
+	if (!(cb->xflags & (F_SRC_TYPE | F_DST_TYPE)))
 		xtables_error(PARAMETER_PROBLEM,
 			   "addrtype: you must specify --src-type or --dst-type");
 }
 
-static void addrtype_check_v1(unsigned int flags)
-{
-	if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE)))
-		xtables_error(PARAMETER_PROBLEM,
-			   "addrtype: you must specify --src-type or --dst-type");
-	if (flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN &&
-	    flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
-		xtables_error(PARAMETER_PROBLEM,
-			   "addrtype: you can't specify both --limit-iface-in "
-			   "and --limit-iface-out");
-}
-
 static void print_types(uint16_t mask)
 {
 	const char *sep = "";
@@ -297,24 +251,24 @@ static void addrtype_save_v1(const void *ip, const struct xt_entry_match *match)
 	}
 }
 
-static const struct option addrtype_opts[] = {
-	{.name = "src-type", .has_arg = true, .val = '1'},
-	{.name = "dst-type", .has_arg = true, .val = '2'},
-	XT_GETOPT_TABLEEND,
-};
-
-static const struct option addrtype_opts_v0[] = {
-	{.name = "src-type", .has_arg = true, .val = '1'},
-	{.name = "dst-type", .has_arg = true, .val = '2'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry addrtype_opts_v0[] = {
+	{.name = "src-type", .id = O_SRC_TYPE, .type = XTTYPE_STRING,
+	 .flags = XTOPT_INVERT},
+	{.name = "dst-type", .id = O_DST_TYPE, .type = XTTYPE_STRING,
+	 .flags = XTOPT_INVERT},
+	XTOPT_TABLEEND,
 };
 
-static const struct option addrtype_opts_v1[] = {
-	{.name = "src-type",        .has_arg = true,  .val = '1'},
-	{.name = "dst-type",        .has_arg = true,  .val = '2'},
-	{.name = "limit-iface-in",  .has_arg = false, .val = '3'},
-	{.name = "limit-iface-out", .has_arg = false, .val = '4'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry addrtype_opts_v1[] = {
+	{.name = "src-type", .id = O_SRC_TYPE, .type = XTTYPE_STRING,
+	 .flags = XTOPT_INVERT},
+	{.name = "dst-type", .id = O_DST_TYPE, .type = XTTYPE_STRING,
+	 .flags = XTOPT_INVERT},
+	{.name = "limit-iface-in", .id = O_LIMIT_IFACE_IN,
+	 .type = XTTYPE_NONE, .excl = F_LIMIT_IFACE_OUT},
+	{.name = "limit-iface-out", .id = O_LIMIT_IFACE_OUT,
+	 .type = XTTYPE_NONE, .excl = F_LIMIT_IFACE_IN},
+	XTOPT_TABLEEND,
 };
 
 static struct xtables_match addrtype_mt_reg[] = {
@@ -325,11 +279,11 @@ static struct xtables_match addrtype_mt_reg[] = {
 		.size          = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
 		.userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
 		.help          = addrtype_help_v0,
-		.parse         = addrtype_parse_v0,
-		.final_check   = addrtype_check_v0,
 		.print         = addrtype_print_v0,
 		.save          = addrtype_save_v0,
-		.extra_opts    = addrtype_opts_v0,
+		.x6_parse      = addrtype_parse_v0,
+		.x6_fcheck     = addrtype_check,
+		.x6_options    = addrtype_opts_v0,
 	},
 	{
 		.name          = "addrtype",
@@ -339,11 +293,11 @@ static struct xtables_match addrtype_mt_reg[] = {
 		.size          = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
 		.userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
 		.help          = addrtype_help_v1,
-		.parse         = addrtype_parse_v1,
-		.final_check   = addrtype_check_v1,
 		.print         = addrtype_print_v1,
 		.save          = addrtype_save_v1,
-		.extra_opts    = addrtype_opts_v1,
+		.x6_parse      = addrtype_parse_v1,
+		.x6_fcheck     = addrtype_check,
+		.x6_options    = addrtype_opts_v1,
 	},
 };
 
-- 
1.7.1

[PATCH 16/28] libxt_AUDIT: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_AUDIT.c |   66 +++++++++++++++------------------------------
 1 files changed, 22 insertions(+), 44 deletions(-)

diff --git a/extensions/libxt_AUDIT.c b/extensions/libxt_AUDIT.c
index a6ab37f..86a61cb 100644
--- a/extensions/libxt_AUDIT.c
+++ b/extensions/libxt_AUDIT.c
@@ -5,16 +5,15 @@
  *
  * This program is distributed under the terms of GNU GPL v2, 1991
  */
-
-#include <stdbool.h>
 #include <stdio.h>
 #include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
 #include <linux/netfilter/xt_AUDIT.h>
 
+enum {
+	O_AUDIT_TYPE = 0,
+};
+
 static void audit_help(void)
 {
 	printf(
@@ -22,46 +21,26 @@ static void audit_help(void)
 "  --type TYPE		Action type to be recorded.\n");
 }
 
-static const struct option audit_opts[] = {
-	{.name = "type", .has_arg = true, .val = 't'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry audit_opts[] = {
+	{.name = "type", .id = O_AUDIT_TYPE, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND},
+	XTOPT_TABLEEND,
 };
 
-static int audit_parse(int c, char **argv, int invert, unsigned int *flags,
-                     const void *entry, struct xt_entry_target **target)
-{
-	struct xt_audit_info *einfo
-		= (struct xt_audit_info *)(*target)->data;
-
-	switch (c) {
-	case 't':
-		if (!strcasecmp(optarg, "accept"))
-			einfo->type = XT_AUDIT_TYPE_ACCEPT;
-		else if (!strcasecmp(optarg, "drop"))
-			einfo->type = XT_AUDIT_TYPE_DROP;
-		else if (!strcasecmp(optarg, "reject"))
-			einfo->type = XT_AUDIT_TYPE_REJECT;
-		else
-			xtables_error(PARAMETER_PROBLEM,
-				   "Bad action type value `%s'", optarg);
-
-		if (*flags)
-			xtables_error(PARAMETER_PROBLEM,
-			           "AUDIT: Can't specify --type twice");
-		*flags = 1;
-		break;
-	default:
-		return 0;
-	}
-
-	return 1;
-}
-
-static void audit_final_check(unsigned int flags)
+static void audit_parse(struct xt_option_call *cb)
 {
-	if (!flags)
+	struct xt_audit_info *einfo = cb->data;
+
+	xtables_option_parse(cb);
+	if (strcasecmp(cb->arg, "accept") == 0)
+		einfo->type = XT_AUDIT_TYPE_ACCEPT;
+	else if (strcasecmp(cb->arg, "drop") == 0)
+		einfo->type = XT_AUDIT_TYPE_DROP;
+	else if (strcasecmp(cb->arg, "reject") == 0)
+		einfo->type = XT_AUDIT_TYPE_REJECT;
+	else
 		xtables_error(PARAMETER_PROBLEM,
-		           "AUDIT target: Parameter --type is required");
+			   "Bad action type value \"%s\"", cb->arg);
 }
 
 static void audit_print(const void *ip, const struct xt_entry_target *target,
@@ -110,11 +89,10 @@ static struct xtables_target audit_tg_reg = {
 	.size		= XT_ALIGN(sizeof(struct xt_audit_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_audit_info)),
 	.help		= audit_help,
-	.parse		= audit_parse,
-	.final_check	= audit_final_check,
 	.print		= audit_print,
 	.save		= audit_save,
-	.extra_opts	= audit_opts,
+	.x6_parse	= audit_parse,
+	.x6_options	= audit_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 17/28] libxt_CLASSIFY: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_CLASSIFY.c |   55 +++++++++++-------------------------------
 1 files changed, 15 insertions(+), 40 deletions(-)

diff --git a/extensions/libxt_CLASSIFY.c b/extensions/libxt_CLASSIFY.c
index e9a0365..ee0f9e1 100644
--- a/extensions/libxt_CLASSIFY.c
+++ b/extensions/libxt_CLASSIFY.c
@@ -1,16 +1,12 @@
-/* Shared library add-on to iptables to add CLASSIFY target support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
-#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_CLASSIFY.h>
-#include <linux/types.h>
 #include <linux/pkt_sched.h>
 
+enum {
+	O_SET_CLASS = 0,
+};
+
 static void
 CLASSIFY_help(void)
 {
@@ -19,9 +15,10 @@ CLASSIFY_help(void)
 "--set-class MAJOR:MINOR    Set skb->priority value (always hexadecimal!)\n");
 }
 
-static const struct option CLASSIFY_opts[] = {
-	{.name = "set-class", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry CLASSIFY_opts[] = {
+	{.name = "set-class", .id = O_SET_CLASS, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND},
+	XTOPT_TABLEEND,
 };
 
 static int CLASSIFY_string_to_priority(const char *s, unsigned int *p)
@@ -35,35 +32,14 @@ static int CLASSIFY_string_to_priority(const char *s, unsigned int *p)
 	return 0;
 }
 
-static int
-CLASSIFY_parse(int c, char **argv, int invert, unsigned int *flags,
-      const void *entry,
-      struct xt_entry_target **target)
+static void CLASSIFY_parse(struct xt_option_call *cb)
 {
-	struct xt_classify_target_info *clinfo
-		= (struct xt_classify_target_info *)(*target)->data;
-
-	switch (c) {
-	case '1':
-		if (CLASSIFY_string_to_priority(optarg, &clinfo->priority))
-			xtables_error(PARAMETER_PROBLEM,
-				   "Bad class value `%s'", optarg);
-		if (*flags)
-			xtables_error(PARAMETER_PROBLEM,
-			           "CLASSIFY: Can't specify --set-class twice");
-		*flags = 1;
-		break;
-	}
+	struct xt_classify_target_info *clinfo = cb->data;
 
-	return 1;
-}
-
-static void
-CLASSIFY_final_check(unsigned int flags)
-{
-	if (!flags)
+	xtables_option_parse(cb);
+	if (CLASSIFY_string_to_priority(cb->arg, &clinfo->priority))
 		xtables_error(PARAMETER_PROBLEM,
-		           "CLASSIFY: Parameter --set-class is required");
+			   "Bad class value \"%s\"", cb->arg);
 }
 
 static void
@@ -100,11 +76,10 @@ static struct xtables_target classify_target = {
 	.size		= XT_ALIGN(sizeof(struct xt_classify_target_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_classify_target_info)),
 	.help		= CLASSIFY_help,
-	.parse		= CLASSIFY_parse,
-	.final_check	= CLASSIFY_final_check,
 	.print		= CLASSIFY_print,
 	.save		= CLASSIFY_save,
-	.extra_opts	= CLASSIFY_opts,
+	.x6_parse	= CLASSIFY_parse,
+	.x6_options	= CLASSIFY_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 18/28] libxt_DSCP: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_DSCP.c |   87 +++++++++++++------------------------------
 extensions/libxt_dscp.c |   94 ++++++++++++++---------------------------------
 2 files changed, 54 insertions(+), 127 deletions(-)

diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c
index db27d68..e16e93c 100644
--- a/extensions/libxt_DSCP.c
+++ b/extensions/libxt_DSCP.c
@@ -9,19 +9,21 @@
  *
  * --set-class added by Iain Barnes
  */
-#include <stdbool.h>
 #include <stdio.h>
 #include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
-#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_DSCP.h>
 
 /* This is evil, but it's my code - HW*/
 #include "dscp_helper.c"
 
+enum {
+	O_SET_DSCP = 0,
+	O_SET_DSCP_CLASS,
+	F_SET_DSCP       = 1 << O_SET_DSCP,
+	F_SET_DSCP_CLASS = 1 << O_SET_DSCP_CLASS,
+};
+
 static void DSCP_help(void)
 {
 	printf(
@@ -38,68 +40,31 @@ static void DSCP_help(void)
 );
 }
 
-static const struct option DSCP_opts[] = {
-	{.name = "set-dscp",       .has_arg = true, .val = 'F'},
-	{.name = "set-dscp-class", .has_arg = true, .val = 'G'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry DSCP_opts[] = {
+	{.name = "set-dscp", .id = O_SET_DSCP, .excl = F_SET_DSCP_CLASS,
+	 .type = XTTYPE_UINT8, .min = 0, .max = XT_DSCP_MAX,
+	 .flags = XTOPT_PUT,
+	 XTOPT_POINTER(struct xt_DSCP_info, dscp)},
+	{.name = "set-dscp-class", .id = O_SET_DSCP_CLASS, .excl = F_SET_DSCP,
+	 .type = XTTYPE_STRING},
+	XTOPT_TABLEEND,
 };
 
-static void
-parse_dscp(const char *s, struct xt_DSCP_info *dinfo)
-{
-	unsigned int dscp;
-       
-	if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX))
-		xtables_error(PARAMETER_PROBLEM,
-			   "Invalid dscp `%s'\n", s);
-
-	if (dscp > XT_DSCP_MAX)
-		xtables_error(PARAMETER_PROBLEM,
-			   "DSCP `%d` out of range\n", dscp);
-
-	dinfo->dscp = dscp;
-}
-
-
-static void
-parse_class(const char *s, struct xt_DSCP_info *dinfo)
-{
-	unsigned int dscp = class_to_dscp(s);
-
-	/* Assign the value */
-	dinfo->dscp = dscp;
-}
-
-
-static int DSCP_parse(int c, char **argv, int invert, unsigned int *flags,
-                      const void *entry, struct xt_entry_target **target)
+static void DSCP_parse(struct xt_option_call *cb)
 {
-	struct xt_DSCP_info *dinfo
-		= (struct xt_DSCP_info *)(*target)->data;
+	struct xt_DSCP_info *dinfo = cb->data;
 
-	switch (c) {
-	case 'F':
-		if (*flags)
-			xtables_error(PARAMETER_PROBLEM,
-			           "DSCP target: Only use --set-dscp ONCE!");
-		parse_dscp(optarg, dinfo);
-		*flags = 1;
-		break;
-	case 'G':
-		if (*flags)
-			xtables_error(PARAMETER_PROBLEM,
-				   "DSCP target: Only use --set-dscp-class ONCE!");
-		parse_class(optarg, dinfo);
-		*flags = 1;
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_SET_DSCP_CLASS:
+		dinfo->dscp = class_to_dscp(cb->arg);
 		break;
 	}
-
-	return 1;
 }
 
-static void DSCP_check(unsigned int flags)
+static void DSCP_check(struct xt_fcheck_call *cb)
 {
-	if (!flags)
+	if (cb->xflags == 0)
 		xtables_error(PARAMETER_PROBLEM,
 		           "DSCP target: Parameter --set-dscp is required");
 }
@@ -134,11 +99,11 @@ static struct xtables_target dscp_target = {
 	.size		= XT_ALIGN(sizeof(struct xt_DSCP_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_DSCP_info)),
 	.help		= DSCP_help,
-	.parse		= DSCP_parse,
-	.final_check	= DSCP_check,
 	.print		= DSCP_print,
 	.save		= DSCP_save,
-	.extra_opts	= DSCP_opts,
+	.x6_parse	= DSCP_parse,
+	.x6_fcheck	= DSCP_check,
+	.x6_options	= DSCP_opts,
 };
 
 void _init(void)
diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c
index b07f83b..69533d6 100644
--- a/extensions/libxt_dscp.c
+++ b/extensions/libxt_dscp.c
@@ -12,19 +12,21 @@
  * http://www.iana.org/assignments/dscp-registry
  *
  */
-#include <stdbool.h>
 #include <stdio.h>
 #include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
-#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_dscp.h>
 
 /* This is evil, but it's my code - HW*/
 #include "dscp_helper.c"
 
+enum {
+	O_DSCP = 0,
+	O_DSCP_CLASS,
+	F_DSCP       = 1 << O_DSCP,
+	F_DSCP_CLASS = 1 << O_DSCP_CLASS,
+};
+
 static void dscp_help(void)
 {
 	printf(
@@ -38,76 +40,36 @@ static void dscp_help(void)
 "				These two options are mutually exclusive !\n");
 }
 
-static const struct option dscp_opts[] = {
-	{.name = "dscp",       .has_arg = true, .val = 'F'},
-	{.name = "dscp-class", .has_arg = true, .val = 'G'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry dscp_opts[] = {
+	{.name = "dscp", .id = O_DSCP, .excl = F_DSCP_CLASS,
+	 .type = XTTYPE_UINT8, .min = 0, .max = XT_DSCP_MAX,
+	 .flags = XTOPT_PUT, XTOPT_POINTER(struct xt_dscp_info, dscp)},
+	{.name = "dscp-class", .id = O_DSCP_CLASS, .excl = F_DSCP,
+	 .type = XTTYPE_STRING},
+	XTOPT_TABLEEND,
 };
 
-static void
-parse_dscp(const char *s, struct xt_dscp_info *dinfo)
-{
-	unsigned int dscp;
-       
-	if (!xtables_strtoui(s, NULL, &dscp, 0, UINT8_MAX))
-		xtables_error(PARAMETER_PROBLEM,
-			   "Invalid dscp `%s'\n", s);
-
-	if (dscp > XT_DSCP_MAX)
-		xtables_error(PARAMETER_PROBLEM,
-			   "DSCP `%d` out of range\n", dscp);
-
-	dinfo->dscp = dscp;
-}
-
-
-static void
-parse_class(const char *s, struct xt_dscp_info *dinfo)
-{
-	unsigned int dscp = class_to_dscp(s);
-
-	/* Assign the value */
-	dinfo->dscp = dscp;
-}
-
-
-static int
-dscp_parse(int c, char **argv, int invert, unsigned int *flags,
-           const void *entry, struct xt_entry_match **match)
+static void dscp_parse(struct xt_option_call *cb)
 {
-	struct xt_dscp_info *dinfo
-		= (struct xt_dscp_info *)(*match)->data;
+	struct xt_dscp_info *dinfo = cb->data;
 
-	switch (c) {
-	case 'F':
-		if (*flags)
-			xtables_error(PARAMETER_PROBLEM,
-			           "DSCP match: Only use --dscp ONCE!");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_dscp(optarg, dinfo);
-		if (invert)
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_DSCP:
+		if (cb->invert)
 			dinfo->invert = 1;
-		*flags = 1;
 		break;
-
-	case 'G':
-		if (*flags)
-			xtables_error(PARAMETER_PROBLEM,
-					"DSCP match: Only use --dscp-class ONCE!");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		parse_class(optarg, dinfo);
-		if (invert)
+	case O_DSCP_CLASS:
+		dinfo->dscp = class_to_dscp(cb->arg);
+		if (cb->invert)
 			dinfo->invert = 1;
-		*flags = 1;
 		break;
 	}
-
-	return 1;
 }
 
-static void dscp_check(unsigned int flags)
+static void dscp_check(struct xt_fcheck_call *cb)
 {
-	if (!flags)
+	if (cb->xflags == 0)
 		xtables_error(PARAMETER_PROBLEM,
 		           "DSCP match: Parameter --dscp is required");
 }
@@ -135,11 +97,11 @@ static struct xtables_match dscp_match = {
 	.size 		= XT_ALIGN(sizeof(struct xt_dscp_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_dscp_info)),
 	.help		= dscp_help,
-	.parse		= dscp_parse,
-	.final_check	= dscp_check,
 	.print		= dscp_print,
 	.save		= dscp_save,
-	.extra_opts	= dscp_opts,
+	.x6_parse	= dscp_parse,
+	.x6_fcheck	= dscp_check,
+	.x6_options	= dscp_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 19/28] libxt_LED: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_LED.c |   84 +++++++++++++++++++-----------------------------
 1 files changed, 33 insertions(+), 51 deletions(-)

diff --git a/extensions/libxt_LED.c b/extensions/libxt_LED.c
index 9e8b9b0..9d68fa2 100644
--- a/extensions/libxt_LED.c
+++ b/extensions/libxt_LED.c
@@ -9,23 +9,30 @@
  * published by the Free Software Foundation.
  *
  */
-#include <stdbool.h>
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include <getopt.h>
-#include <stddef.h>
-
 #include <xtables.h>
-
 #include <linux/netfilter/xt_LED.h>
 
-static const struct option LED_opts[] = {
-	{.name = "led-trigger-id",   .has_arg = true,  .val = 'i'},
-	{.name = "led-delay",        .has_arg = true,  .val = 'd'},
-	{.name = "led-always-blink", .has_arg = false, .val = 'a'},
-	XT_GETOPT_TABLEEND,
+enum {
+	O_LED_TRIGGER_ID = 0,
+	O_LED_DELAY,
+	O_LED_ALWAYS_BLINK,
+};
+
+#define s struct xt_led_info
+static const struct xt_option_entry LED_opts[] = {
+	{.name = "led-trigger-id", .id = O_LED_TRIGGER_ID,
+	 .flags = XTOPT_MAND, .type = XTTYPE_STRING, .min = 0,
+	 .max = sizeof(((struct xt_led_info *)NULL)->id) -
+	        sizeof("netfilter-")},
+	{.name = "led-delay", .id = O_LED_DELAY, .type = XTTYPE_STRING},
+	{.name = "led-always-blink", .id = O_LED_ALWAYS_BLINK,
+	 .type = XTTYPE_NONE},
+	XTOPT_TABLEEND,
 };
+#undef s
 
 static void LED_help(void)
 {
@@ -39,50 +46,26 @@ static void LED_help(void)
 	);
 }
 
-static int LED_parse(int c, char **argv, int invert, unsigned int *flags,
-		     const void *entry, struct xt_entry_target **target)
+static void LED_parse(struct xt_option_call *cb)
 {
-	struct xt_led_info *led = (void *)(*target)->data;
-
-	switch (c) {
-	case 'i':
-		xtables_param_act(XTF_NO_INVERT, "LED",
-			"--led-trigger-id", invert);
-		if (strlen("netfilter-") + strlen(optarg) > sizeof(led->id))
-			xtables_error(PARAMETER_PROBLEM,
-				"--led-trigger-id must be 16 chars or less");
-		if (optarg[0] == '\0')
-			xtables_error(PARAMETER_PROBLEM,
-				"--led-trigger-id cannot be blank");
+	struct xt_led_info *led = cb->data;
 
-		/* "netfilter-" + 16 char id == 26 == sizeof(led->id) */
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_LED_TRIGGER_ID:
 		strcpy(led->id, "netfilter-");
-		strcat(led->id, optarg);
-		*flags = 1;
-		return true;
-
-	case 'd':
-		xtables_param_act(XTF_NO_INVERT, "LED", "--led-delay", invert);
-		if (strncasecmp(optarg, "inf", 3) == 0)
+		strcat(led->id, cb->arg);
+		break;
+	case O_LED_DELAY:
+		if (strncasecmp(cb->arg, "inf", 3) == 0)
 			led->delay = -1;
 		else
-			led->delay = strtoul(optarg, NULL, 0);
-
-		return true;
-
-	case 'a':
-		if (!invert)
-			led->always_blink = 1;
-		return true;
+			led->delay = strtoul(cb->arg, NULL, 0);
+		break;
+	case O_LED_ALWAYS_BLINK:
+		led->always_blink = 1;
+		break;
 	}
-	return false;
-}
-
-static void LED_final_check(unsigned int flags)
-{
-	if (flags == 0)
-		xtables_error(PARAMETER_PROBLEM,
-			"--led-trigger-id must be specified");
 }
 
 static void LED_print(const void *ip, const struct xt_entry_target *target,
@@ -142,11 +125,10 @@ static struct xtables_target led_tg_reg = {
 	.size          = XT_ALIGN(sizeof(struct xt_led_info)),
 	.userspacesize = offsetof(struct xt_led_info, internal_data),
 	.help          = LED_help,
-	.parse         = LED_parse,
-	.final_check   = LED_final_check,
-	.extra_opts    = LED_opts,
 	.print         = LED_print,
 	.save          = LED_save,
+	.x6_parse      = LED_parse,
+	.x6_options    = LED_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 20/28] libxt_SECMARK: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_SECMARK.c |   54 ++++++++++++-------------------------------
 1 files changed, 15 insertions(+), 39 deletions(-)

diff --git a/extensions/libxt_SECMARK.c b/extensions/libxt_SECMARK.c
index 5ad8486..6ba8606 100644
--- a/extensions/libxt_SECMARK.c
+++ b/extensions/libxt_SECMARK.c
@@ -5,16 +5,16 @@
  *
  * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com>
  */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
 #include <linux/netfilter/xt_SECMARK.h>
 
 #define PFX "SECMARK target: "
 
+enum {
+	O_SELCTX = 0,
+};
+
 static void SECMARK_help(void)
 {
 	printf(
@@ -22,42 +22,19 @@ static void SECMARK_help(void)
 "  --selctx value                     Set the SELinux security context\n");
 }
 
-static const struct option SECMARK_opts[] = {
-	{.name = "selctx", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry SECMARK_opts[] = {
+	{.name = "selctx", .id = O_SELCTX, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND | XTOPT_PUT,
+	 XTOPT_POINTER(struct xt_secmark_target_info, secctx)},
+	XTOPT_TABLEEND,
 };
 
-static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags,
-                         const void *entry, struct xt_entry_target **target)
+static void SECMARK_parse(struct xt_option_call *cb)
 {
-	struct xt_secmark_target_info *info =
-		(struct xt_secmark_target_info*)(*target)->data;
-
-	switch (c) {
-	case '1':
-		if (*flags & SECMARK_MODE_SEL)
-			xtables_error(PARAMETER_PROBLEM, PFX
-				   "Can't specify --selctx twice");
-		info->mode = SECMARK_MODE_SEL;
-
-		if (strlen(optarg) > SECMARK_SECCTX_MAX-1)
-			xtables_error(PARAMETER_PROBLEM, PFX
-				   "Maximum length %u exceeded by --selctx"
-				   " parameter (%zu)",
-				   SECMARK_SECCTX_MAX-1, strlen(optarg));
-
-		strcpy(info->secctx, optarg);
-		*flags |= SECMARK_MODE_SEL;
-		break;
-	}
+	struct xt_secmark_target_info *info = cb->data;
 
-	return 1;
-}
-
-static void SECMARK_check(unsigned int flags)
-{
-	if (!flags)
-		xtables_error(PARAMETER_PROBLEM, PFX "parameter required");
+	xtables_option_parse(cb);
+	info->mode = SECMARK_MODE_SEL;
 }
 
 static void print_secmark(const struct xt_secmark_target_info *info)
@@ -99,11 +76,10 @@ static struct xtables_target secmark_target = {
 	.size		= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_secmark_target_info)),
 	.help		= SECMARK_help,
-	.parse		= SECMARK_parse,
-	.final_check	= SECMARK_check,
 	.print		= SECMARK_print,
 	.save		= SECMARK_save,
-	.extra_opts	= SECMARK_opts,
+	.x6_parse	= SECMARK_parse,
+	.x6_options	= SECMARK_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 21/28] libxt_TCPOPTSTRIP: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_TCPOPTSTRIP.c |   46 ++++++++++-----------------------------
 1 files changed, 12 insertions(+), 34 deletions(-)

diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
index 338a311..43320d1 100644
--- a/extensions/libxt_TCPOPTSTRIP.c
+++ b/extensions/libxt_TCPOPTSTRIP.c
@@ -4,21 +4,17 @@
  * Copyright © CC Computer Consultants GmbH, 2007
  * Jan Engelhardt <jengelh@computergmbh.de>
  */
-#include <getopt.h>
-#include <stdbool.h>
 #include <stdio.h>
 #include <string.h>
-#include <stdlib.h>
 #include <xtables.h>
 #include <netinet/tcp.h>
-#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_TCPOPTSTRIP.h>
 #ifndef TCPOPT_MD5SIG
 #	define TCPOPT_MD5SIG 19
 #endif
 
 enum {
-	FLAG_STRIP = 1 << 0,
+	O_STRIP_OPTION = 0,
 };
 
 struct tcp_optionmap {
@@ -26,9 +22,9 @@ struct tcp_optionmap {
 	const unsigned int option;
 };
 
-static const struct option tcpoptstrip_tg_opts[] = {
-	{.name = "strip-options", .has_arg = true, .val = 's'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry tcpoptstrip_tg_opts[] = {
+	{.name = "strip-options", .id = O_STRIP_OPTION, .type = XTTYPE_STRING},
+	XTOPT_TABLEEND,
 };
 
 static const struct tcp_optionmap tcp_optionmap[] = {
@@ -56,7 +52,8 @@ static void tcpoptstrip_tg_help(void)
 		printf("    %-14s    strip \"%s\" option\n", w->name, w->desc);
 }
 
-static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg)
+static void
+parse_list(struct xt_tcpoptstrip_target_info *info, const char *arg)
 {
 	unsigned int option;
 	char *p;
@@ -94,30 +91,12 @@ static void parse_list(struct xt_tcpoptstrip_target_info *info, char *arg)
 	}
 }
 
-static int tcpoptstrip_tg_parse(int c, char **argv, int invert,
-                                unsigned int *flags, const void *entry,
-                                struct xt_entry_target **target)
+static void tcpoptstrip_tg_parse(struct xt_option_call *cb)
 {
-	struct xt_tcpoptstrip_target_info *info = (void *)(*target)->data;
-
-	switch (c) {
-	case 's':
-		if (*flags & FLAG_STRIP)
-			xtables_error(PARAMETER_PROBLEM,
-			           "You can specify --strip-options only once");
-		parse_list(info, optarg);
-		*flags |= FLAG_STRIP;
-		return true;
-	}
-
-	return false;
-}
+	struct xt_tcpoptstrip_target_info *info = cb->data;
 
-static void tcpoptstrip_tg_check(unsigned int flags)
-{
-	if (flags == 0)
-		xtables_error(PARAMETER_PROBLEM,
-		           "TCPOPTSTRIP: --strip-options parameter required");
+	xtables_option_parse(cb);
+	parse_list(info, cb->arg);
 }
 
 static void
@@ -176,11 +155,10 @@ static struct xtables_target tcpoptstrip_tg_reg = {
 	.size          = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
 	.userspacesize = XT_ALIGN(sizeof(struct xt_tcpoptstrip_target_info)),
 	.help          = tcpoptstrip_tg_help,
-	.parse         = tcpoptstrip_tg_parse,
-	.final_check   = tcpoptstrip_tg_check,
 	.print         = tcpoptstrip_tg_print,
 	.save          = tcpoptstrip_tg_save,
-	.extra_opts    = tcpoptstrip_tg_opts,
+	.x6_parse      = tcpoptstrip_tg_parse,
+	.x6_options    = tcpoptstrip_tg_opts,
 };
 
 void _init(void)
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 22/28] libxt_comment: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_comment.c |   61 ++++++++------------------------------------
 1 files changed, 11 insertions(+), 50 deletions(-)

diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index c10a254..6ed2ff9 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -6,15 +6,14 @@
  *     2004-05-12: Brad Fisher <brad@info-link.net>
  *         Port to patch-o-matic-ng
  */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
 #include <linux/netfilter/xt_comment.h>
 
+enum {
+	O_COMMENT = 0,
+};
+
 static void comment_help(void)
 {
 	printf(
@@ -22,51 +21,14 @@ static void comment_help(void)
 		"--comment COMMENT             Attach a comment to a rule\n");
 }
 
-static const struct option comment_opts[] = {
-	{.name = "comment", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry comment_opts[] = {
+	{.name = "comment", .id = O_COMMENT, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND | XTOPT_PUT,
+	 XTOPT_POINTER(struct xt_comment_info, comment)},
+	XTOPT_TABLEEND,
 };
 
 static void
-parse_comment(const char *s, struct xt_comment_info *info)
-{	
-	int slen = strlen(s);
-
-	if (slen >= XT_MAX_COMMENT_LEN) {
-		xtables_error(PARAMETER_PROBLEM,
-			"COMMENT must be shorter than %i characters", XT_MAX_COMMENT_LEN);
-	}
-	strcpy((char *)info->comment, s);
-}
-
-static int
-comment_parse(int c, char **argv, int invert, unsigned int *flags,
-              const void *entry, struct xt_entry_match **match)
-{
-	struct xt_comment_info *commentinfo = (struct xt_comment_info *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		if (invert) {
-			xtables_error(PARAMETER_PROBLEM,
-					"Sorry, you can't have an inverted comment");
-		}
-		parse_comment(optarg, commentinfo);
-		*flags = 1;
-		break;
-	}
-	return 1;
-}
-
-static void comment_check(unsigned int flags)
-{
-	if (!flags)
-		xtables_error(PARAMETER_PROBLEM,
-			   "COMMENT match: You must specify `--comment'");
-}
-
-static void
 comment_print(const void *ip, const struct xt_entry_match *match, int numeric)
 {
 	struct xt_comment_info *commentinfo = (void *)match->data;
@@ -93,11 +55,10 @@ static struct xtables_match comment_match = {
 	.size		= XT_ALIGN(sizeof(struct xt_comment_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_comment_info)),
 	.help		= comment_help,
-	.parse		= comment_parse,
-	.final_check	= comment_check,
 	.print 		= comment_print,
 	.save 		= comment_save,
-	.extra_opts	= comment_opts,
+	.x6_parse	= xtables_option_parse,
+	.x6_options	= comment_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 23/28] libxt_helper: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_helper.c |   54 +++++++++++++-------------------------------
 1 files changed, 16 insertions(+), 38 deletions(-)

diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
index 1761b4d..c9f9435 100644
--- a/extensions/libxt_helper.c
+++ b/extensions/libxt_helper.c
@@ -1,14 +1,11 @@
-/* Shared library add-on to iptables to add related packet matching support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
 #include <xtables.h>
 #include <linux/netfilter/xt_helper.h>
 
+enum {
+	O_HELPER = 0,
+};
+
 static void helper_help(void)
 {
 	printf(
@@ -16,38 +13,20 @@ static void helper_help(void)
 "[!] --helper string        Match helper identified by string\n");
 }
 
-static const struct option helper_opts[] = {
-	{.name = "helper", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry helper_opts[] = {
+	{.name = "helper", .id = O_HELPER, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND | XTOPT_INVERT | XTOPT_PUT,
+	 XTOPT_POINTER(struct xt_helper_info, name)},
+	XTOPT_TABLEEND,
 };
 
-static int
-helper_parse(int c, char **argv, int invert, unsigned int *flags,
-             const void *entry, struct xt_entry_match **match)
+static void helper_parse(struct xt_option_call *cb)
 {
-	struct xt_helper_info *info = (struct xt_helper_info *)(*match)->data;
+	struct xt_helper_info *info = cb->data;
 
-	switch (c) {
-	case '1':
-		if (*flags)
-			xtables_error(PARAMETER_PROBLEM,
-					"helper match: Only use --helper ONCE!");
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		strncpy(info->name, optarg, 29);
-		info->name[29] = '\0';
-		if (invert)
-			info->invert = 1;
-		*flags = 1;
-		break;
-	}
-	return 1;
-}
-
-static void helper_check(unsigned int flags)
-{
-	if (!flags)
-		xtables_error(PARAMETER_PROBLEM,
-			   "helper match: You must specify `--helper'");
+	xtables_option_parse(cb);
+	if (cb->invert)
+		info->invert = 1;
 }
 
 static void
@@ -72,11 +51,10 @@ static struct xtables_match helper_match = {
 	.version	= XTABLES_VERSION,
 	.size		= XT_ALIGN(sizeof(struct xt_helper_info)),
 	.help		= helper_help,
-	.parse		= helper_parse,
-	.final_check	= helper_check,
 	.print		= helper_print,
 	.save		= helper_save,
-	.extra_opts	= helper_opts,
+	.x6_parse	= helper_parse,
+	.x6_options	= helper_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 24/28] libxt_physdev: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_physdev.c |  113 ++++++++++++++++---------------------------
 1 files changed, 42 insertions(+), 71 deletions(-)

diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c
index 1c0de97..8f57fe9 100644
--- a/extensions/libxt_physdev.c
+++ b/extensions/libxt_physdev.c
@@ -1,17 +1,14 @@
-/* Shared library add-on to iptables to add bridge port matching support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <ctype.h>
 #include <xtables.h>
 #include <linux/netfilter/xt_physdev.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
-#include <net/ethernet.h>
-#else
-#include <linux/if_ether.h>
-#endif
+
+enum {
+	O_PHYSDEV_IN = 0,
+	O_PHYSDEV_OUT,
+	O_PHYSDEV_IS_IN,
+	O_PHYSDEV_IS_OUT,
+	O_PHYSDEV_IS_BRIDGED,
+};
 
 static void physdev_help(void)
 {
@@ -24,88 +21,62 @@ static void physdev_help(void)
 " [!] --physdev-is-bridged		it's a bridged packet\n");
 }
 
-static const struct option physdev_opts[] = {
-	{.name = "physdev-in",         .has_arg = true,  .val = '1'},
-	{.name = "physdev-out",        .has_arg = true,  .val = '2'},
-	{.name = "physdev-is-in",      .has_arg = false, .val = '3'},
-	{.name = "physdev-is-out",     .has_arg = false, .val = '4'},
-	{.name = "physdev-is-bridged", .has_arg = false, .val = '5'},
-	XT_GETOPT_TABLEEND,
+#define s struct xt_physdev_info
+static const struct xt_option_entry physdev_opts[] = {
+	{.name = "physdev-in", .id = O_PHYSDEV_IN, .type = XTTYPE_STRING,
+	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, physindev)},
+	{.name = "physdev-out", .id = O_PHYSDEV_OUT, .type = XTTYPE_STRING,
+	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, physoutdev)},
+	{.name = "physdev-is-in", .id = O_PHYSDEV_IS_IN, .type = XTTYPE_NONE},
+	{.name = "physdev-is-out", .id = O_PHYSDEV_IS_OUT,
+	 .type = XTTYPE_NONE},
+	{.name = "physdev-is-bridged", .id = O_PHYSDEV_IS_BRIDGED,
+	 .type = XTTYPE_NONE},
+	XTOPT_TABLEEND,
 };
+#undef s
 
-static int
-physdev_parse(int c, char **argv, int invert, unsigned int *flags,
-              const void *entry, struct xt_entry_match **match)
+static void physdev_parse(struct xt_option_call *cb)
 {
-	struct xt_physdev_info *info =
-		(struct xt_physdev_info*)(*match)->data;
+	struct xt_physdev_info *info = cb->data;
 
-	switch (c) {
-	case '1':
-		if (*flags & XT_PHYSDEV_OP_IN)
-			goto multiple_use;
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		xtables_parse_interface(optarg, info->physindev,
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_PHYSDEV_IN:
+		xtables_parse_interface(cb->arg, info->physindev,
 				(unsigned char *)info->in_mask);
-		if (invert)
+		if (cb->invert)
 			info->invert |= XT_PHYSDEV_OP_IN;
 		info->bitmask |= XT_PHYSDEV_OP_IN;
-		*flags |= XT_PHYSDEV_OP_IN;
 		break;
-
-	case '2':
-		if (*flags & XT_PHYSDEV_OP_OUT)
-			goto multiple_use;
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		xtables_parse_interface(optarg, info->physoutdev,
+	case O_PHYSDEV_OUT:
+		xtables_parse_interface(cb->arg, info->physoutdev,
 				(unsigned char *)info->out_mask);
-		if (invert)
+		if (cb->invert)
 			info->invert |= XT_PHYSDEV_OP_OUT;
 		info->bitmask |= XT_PHYSDEV_OP_OUT;
-		*flags |= XT_PHYSDEV_OP_OUT;
 		break;
-
-	case '3':
-		if (*flags & XT_PHYSDEV_OP_ISIN)
-			goto multiple_use;
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+	case O_PHYSDEV_IS_IN:
 		info->bitmask |= XT_PHYSDEV_OP_ISIN;
-		if (invert)
+		if (cb->invert)
 			info->invert |= XT_PHYSDEV_OP_ISIN;
-		*flags |= XT_PHYSDEV_OP_ISIN;
 		break;
-
-	case '4':
-		if (*flags & XT_PHYSDEV_OP_ISOUT)
-			goto multiple_use;
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+	case O_PHYSDEV_IS_OUT:
 		info->bitmask |= XT_PHYSDEV_OP_ISOUT;
-		if (invert)
+		if (cb->invert)
 			info->invert |= XT_PHYSDEV_OP_ISOUT;
-		*flags |= XT_PHYSDEV_OP_ISOUT;
 		break;
-
-	case '5':
-		if (*flags & XT_PHYSDEV_OP_BRIDGED)
-			goto multiple_use;
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-		if (invert)
+	case O_PHYSDEV_IS_BRIDGED:
+		if (cb->invert)
 			info->invert |= XT_PHYSDEV_OP_BRIDGED;
-		*flags |= XT_PHYSDEV_OP_BRIDGED;
 		info->bitmask |= XT_PHYSDEV_OP_BRIDGED;
 		break;
 	}
-
-	return 1;
-multiple_use:
-	xtables_error(PARAMETER_PROBLEM,
-	   "multiple use of the same physdev option is not allowed");
-
 }
 
-static void physdev_check(unsigned int flags)
+static void physdev_check(struct xt_fcheck_call *cb)
 {
-	if (flags == 0)
+	if (cb->xflags == 0)
 		xtables_error(PARAMETER_PROBLEM, "PHYSDEV: no physdev option specified");
 }
 
@@ -164,11 +135,11 @@ static struct xtables_match physdev_match = {
 	.size		= XT_ALIGN(sizeof(struct xt_physdev_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_physdev_info)),
 	.help		= physdev_help,
-	.parse		= physdev_parse,
-	.final_check	= physdev_check,
 	.print		= physdev_print,
 	.save		= physdev_save,
-	.extra_opts	= physdev_opts,
+	.x6_parse	= physdev_parse,
+	.x6_fcheck	= physdev_check,
+	.x6_options	= physdev_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 25/28] libxt_pkttype: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_pkttype.c |   52 ++++++++++++-------------------------------
 1 files changed, 15 insertions(+), 37 deletions(-)

diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c
index f5de3ef..1ed3b44 100644
--- a/extensions/libxt_pkttype.c
+++ b/extensions/libxt_pkttype.c
@@ -4,22 +4,15 @@
  *
  * Michal Ludvig <michal@logix.cz>
  */
-#include <stdbool.h>
 #include <stdio.h>
-#include <netdb.h>
 #include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#if defined(__GLIBC__) && __GLIBC__ == 2
-#include <net/ethernet.h>
-#else
-#include <linux/if_ether.h>
-#endif
 #include <xtables.h>
 #include <linux/if_packet.h>
 #include <linux/netfilter/xt_pkttype.h>
 
-#define	PKTTYPE_VERSION	"0.1"
+enum {
+	O_PKTTYPE = 0,
+};
 
 struct pkttypes {
 	const char *name;
@@ -61,9 +54,10 @@ static void pkttype_help(void)
 	print_types();
 }
 
-static const struct option pkttype_opts[] = {
-	{.name = "pkt-type", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry pkttype_opts[] = {
+	{.name = "pkt-type", .id = O_PKTTYPE, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND | XTOPT_INVERT},
+	XTOPT_TABLEEND,
 };
 
 static void parse_pkttype(const char *pkttype, struct xt_pkttype_info *info)
@@ -80,29 +74,14 @@ static void parse_pkttype(const char *pkttype, struct xt_pkttype_info *info)
 	xtables_error(PARAMETER_PROBLEM, "Bad packet type '%s'", pkttype);
 }
 
-static int pkttype_parse(int c, char **argv, int invert, unsigned int *flags,
-                         const void *entry, struct xt_entry_match **match)
+static void pkttype_parse(struct xt_option_call *cb)
 {
-	struct xt_pkttype_info *info = (struct xt_pkttype_info *)(*match)->data;
-	
-	switch(c)
-	{
-		case '1':
-			xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-			parse_pkttype(optarg, info);
-			if(invert)
-				info->invert=1;
-			*flags=1;
-			break;
-	}
+	struct xt_pkttype_info *info = cb->data;
 
-	return 1;
-}
-
-static void pkttype_check(unsigned int flags)
-{
-	if (!flags)
-		xtables_error(PARAMETER_PROBLEM, "You must specify \"--pkt-type\"");
+	xtables_option_parse(cb);
+	parse_pkttype(cb->arg, info);
+	if (cb->invert)
+		info->invert = 1;
 }
 
 static void print_pkttype(const struct xt_pkttype_info *info)
@@ -143,11 +122,10 @@ static struct xtables_match pkttype_match = {
 	.size		= XT_ALIGN(sizeof(struct xt_pkttype_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_pkttype_info)),
 	.help		= pkttype_help,
-	.parse		= pkttype_parse,
-	.final_check	= pkttype_check,
 	.print		= pkttype_print,
 	.save		= pkttype_save,
-	.extra_opts	= pkttype_opts,
+	.x6_parse	= pkttype_parse,
+	.x6_options	= pkttype_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 26/28] libxt_state: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_state.c |   50 ++++++++++++++-------------------------------
 1 files changed, 16 insertions(+), 34 deletions(-)

diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c
index 9a631aa..3fc747d 100644
--- a/extensions/libxt_state.c
+++ b/extensions/libxt_state.c
@@ -1,10 +1,5 @@
-/* Shared library add-on to iptables to add state tracking support. */
-#include <stdbool.h>
 #include <stdio.h>
-#include <netdb.h>
 #include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
 #include <xtables.h>
 #include <linux/netfilter/nf_conntrack_common.h>
 #include <linux/netfilter/xt_state.h>
@@ -13,6 +8,10 @@
 #define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
 #endif
 
+enum {
+	O_STATE = 0,
+};
+
 static void
 state_help(void)
 {
@@ -22,9 +21,10 @@ state_help(void)
 "				State(s) to match\n");
 }
 
-static const struct option state_opts[] = {
-	{.name = "state", .has_arg = true, .val = '1'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry state_opts[] = {
+	{.name = "state", .id = O_STATE, .type = XTTYPE_STRING,
+	 .flags = XTOPT_MAND},
+	XTOPT_TABLEEND,
 };
 
 static int
@@ -63,31 +63,14 @@ state_parse_states(const char *arg, struct xt_state_info *sinfo)
 		xtables_error(PARAMETER_PROBLEM, "Bad state \"%s\"", arg);
 }
 
-static int
-state_parse(int c, char **argv, int invert, unsigned int *flags,
-      const void *entry,
-      struct xt_entry_match **match)
+static void state_parse(struct xt_option_call *cb)
 {
-	struct xt_state_info *sinfo = (struct xt_state_info *)(*match)->data;
-
-	switch (c) {
-	case '1':
-		xtables_check_inverse(optarg, &invert, &optind, 0, argv);
-
-		state_parse_states(optarg, sinfo);
-		if (invert)
-			sinfo->statemask = ~sinfo->statemask;
-		*flags = 1;
-		break;
-	}
+	struct xt_state_info *sinfo = cb->data;
 
-	return 1;
-}
-
-static void state_final_check(unsigned int flags)
-{
-	if (!flags)
-		xtables_error(PARAMETER_PROBLEM, "You must specify \"--state\"");
+	xtables_option_parse(cb);
+	state_parse_states(cb->arg, sinfo);
+	if (cb->invert)
+		sinfo->statemask = ~sinfo->statemask;
 }
 
 static void state_print_state(unsigned int statemask)
@@ -142,11 +125,10 @@ static struct xtables_match state_match = {
 	.size		= XT_ALIGN(sizeof(struct xt_state_info)),
 	.userspacesize	= XT_ALIGN(sizeof(struct xt_state_info)),
 	.help		= state_help,
-	.parse		= state_parse,
-	.final_check	= state_final_check,
 	.print		= state_print,
 	.save		= state_save,
-	.extra_opts	= state_opts,
+	.x6_parse	= state_parse,
+	.x6_options	= state_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 27/28] libxt_time: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_time.c |  153 ++++++++++++++++-------------------------------
 1 files changed, 52 insertions(+), 101 deletions(-)

diff --git a/extensions/libxt_time.c b/extensions/libxt_time.c
index 56fb135..b538476 100644
--- a/extensions/libxt_time.c
+++ b/extensions/libxt_time.c
@@ -9,45 +9,41 @@
  *
  *	Based on libipt_time.c.
  */
-#include <sys/types.h>
-#include <getopt.h>
-#include <stdbool.h>
-#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include <stddef.h>
 #include <time.h>
-#include <limits.h>
-
 #include <linux/types.h>
 #include <linux/netfilter/xt_time.h>
 #include <xtables.h>
 
-enum { /* getopt "seen" bits */
-	F_DATE_START = 1 << 0,
-	F_DATE_STOP  = 1 << 1,
-	F_TIME_START = 1 << 2,
-	F_TIME_STOP  = 1 << 3,
-	F_MONTHDAYS  = 1 << 4,
-	F_WEEKDAYS   = 1 << 5,
-	F_TIMEZONE   = 1 << 6,
+enum {
+	O_DATE_START = 0,
+	O_DATE_STOP,
+	O_TIME_START,
+	O_TIME_STOP,
+	O_MONTHDAYS,
+	O_WEEKDAYS,
+	O_LOCAL_TZ,
+	O_UTC,
 };
 
 static const char *const week_days[] = {
 	NULL, "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun",
 };
 
-static const struct option time_opts[] = {
-	{.name = "datestart", .has_arg = true,  .val = 'D'},
-	{.name = "datestop",  .has_arg = true,  .val = 'E'},
-	{.name = "timestart", .has_arg = true,  .val = 'X'},
-	{.name = "timestop",  .has_arg = true,  .val = 'Y'},
-	{.name = "weekdays",  .has_arg = true,  .val = 'w'},
-	{.name = "monthdays", .has_arg = true,  .val = 'm'},
-	{.name = "localtz",   .has_arg = false, .val = 'l'},
-	{.name = "utc",       .has_arg = false, .val = 'u'},
-	XT_GETOPT_TABLEEND,
+static const struct xt_option_entry time_opts[] = {
+	{.name = "datestart", .id = O_DATE_START, .type = XTTYPE_STRING},
+	{.name = "datestop", .id = O_DATE_STOP, .type = XTTYPE_STRING},
+	{.name = "timestart", .id = O_TIME_START, .type = XTTYPE_STRING},
+	{.name = "timestop", .id = O_TIME_STOP, .type = XTTYPE_STRING},
+	{.name = "weekdays", .id = O_WEEKDAYS, .type = XTTYPE_STRING,
+	 .flags = XTOPT_INVERT},
+	{.name = "monthdays", .id = O_MONTHDAYS, .type = XTTYPE_STRING,
+	 .flags = XTOPT_INVERT},
+	{.name = "localtz", .id = O_LOCAL_TZ, .type = XTTYPE_NONE},
+	{.name = "utc", .id = O_UTC, .type = XTTYPE_NONE},
+	XTOPT_TABLEEND,
 };
 
 static void time_help(void)
@@ -248,86 +244,41 @@ static unsigned int time_parse_weekdays(const char *arg)
 	return ret;
 }
 
-static int time_parse(int c, char **argv, int invert, unsigned int *flags,
-                      const void *entry, struct xt_entry_match **match)
+static void time_parse(struct xt_option_call *cb)
 {
-	struct xt_time_info *info = (void *)(*match)->data;
-
-	switch (c) {
-	case 'D': /* --datestart */
-		if (*flags & F_DATE_START)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --datestart twice");
-		if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Unexpected \"!\" with --datestart");
-		info->date_start = time_parse_date(optarg, false);
-		*flags |= F_DATE_START;
-		return 1;
-	case 'E': /* --datestop */
-		if (*flags & F_DATE_STOP)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --datestop more than once");
-		if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-			           "unexpected \"!\" with --datestop");
-		info->date_stop = time_parse_date(optarg, true);
-		*flags |= F_DATE_STOP;
-		return 1;
-	case 'X': /* --timestart */
-		if (*flags & F_TIME_START)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --timestart more than once");
-		if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Unexpected \"!\" with --timestart");
-		info->daytime_start = time_parse_minutes(optarg);
-		*flags |= F_TIME_START;
-		return 1;
-	case 'Y': /* --timestop */
-		if (*flags & F_TIME_STOP)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --timestop more than once");
-		if (invert)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Unexpected \"!\" with --timestop");
-		info->daytime_stop = time_parse_minutes(optarg);
-		*flags |= F_TIME_STOP;
-		return 1;
-	case 'l': /* --localtz */
-		if (*flags & F_TIMEZONE)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Can only specify exactly one of --localtz or --utc");
+	struct xt_time_info *info = cb->data;
+
+	xtables_option_parse(cb);
+	switch (cb->entry->id) {
+	case O_DATE_START:
+		info->date_start = time_parse_date(cb->arg, false);
+		break;
+	case O_DATE_STOP:
+		info->date_stop = time_parse_date(cb->arg, true);
+		break;
+	case O_TIME_START:
+		info->daytime_start = time_parse_minutes(cb->arg);
+		break;
+	case O_TIME_STOP:
+		info->daytime_stop = time_parse_minutes(cb->arg);
+		break;
+	case O_LOCAL_TZ:
 		info->flags |= XT_TIME_LOCAL_TZ;
-		*flags |= F_TIMEZONE;
-		return 1;
-	case 'm': /* --monthdays */
-		if (*flags & F_MONTHDAYS)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --monthdays more than once");
-		info->monthdays_match = time_parse_monthdays(optarg);
-		if (invert)
+		break;
+	case O_MONTHDAYS:
+		info->monthdays_match = time_parse_monthdays(cb->arg);
+		if (cb->invert)
 			info->monthdays_match ^= XT_TIME_ALL_MONTHDAYS;
-		*flags |= F_MONTHDAYS;
-		return 1;
-	case 'w': /* --weekdays */
-		if (*flags & F_WEEKDAYS)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --weekdays more than once");
-		info->weekdays_match = time_parse_weekdays(optarg);
-		if (invert)
+		break;
+	case O_WEEKDAYS:
+		info->weekdays_match = time_parse_weekdays(cb->arg);
+		if (cb->invert)
 			info->weekdays_match ^= XT_TIME_ALL_WEEKDAYS;
-		*flags |= F_WEEKDAYS;
-		return 1;
-	case 'u': /* --utc */
-		if (*flags & F_TIMEZONE)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Can only specify exactly one of --localtz or --utc");
+		break;
+	case O_UTC:
 		info->flags &= ~XT_TIME_LOCAL_TZ;
-		*flags |= F_TIMEZONE;
-		return 1;
+		break;
 	}
-	return 0;
 }
 
 static void time_print_date(time_t date, const char *command)
@@ -474,10 +425,10 @@ static struct xtables_match time_match = {
 	.userspacesize = XT_ALIGN(sizeof(struct xt_time_info)),
 	.help          = time_help,
 	.init          = time_init,
-	.parse         = time_parse,
 	.print         = time_print,
 	.save          = time_save,
-	.extra_opts    = time_opts,
+	.x6_parse      = time_parse,
+	.x6_options    = time_opts,
 };
 
 void _init(void)
-- 
1.7.1

[PATCH 28/28] libxt_u32: use guided option parser

[Jan Engelhardt]

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_u32.c |   39 +++++++++++++++++----------------------
 1 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 7f102d4..0df28a8 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -10,22 +10,21 @@
  * Copyright © CC Computer Consultants GmbH, 2007
  * Contact: <jengelh@computergmbh.de>
  */
-#include <sys/types.h>
 #include <ctype.h>
 #include <errno.h>
-#include <getopt.h>
-#include <netdb.h>
-#include <stdbool.h>
+#include <stdint.h>
 #include <stdlib.h>
 #include <stdio.h>
-#include <string.h>
-
 #include <xtables.h>
 #include <linux/netfilter/xt_u32.h>
 
-static const struct option u32_opts[] = {
-	{.name = "u32", .has_arg = true, .val = 'u'},
-	XT_GETOPT_TABLEEND,
+enum {
+	O_U32 = 0,
+};
+
+static const struct xt_option_entry u32_opts[] = {
+	{.name = "u32", .id = O_U32, .type = XTTYPE_STRING},
+	XTOPT_TABLEEND,
 };
 
 static void u32_help(void)
@@ -86,7 +85,7 @@ static void u32_dump(const struct xt_u32 *data)
 }
 
 /* string_to_number() is not quite what we need here ... */
-static uint32_t parse_number(char **s, int pos)
+static uint32_t parse_number(const char **s, int pos)
 {
 	uint32_t number;
 	char *end;
@@ -103,20 +102,16 @@ static uint32_t parse_number(char **s, int pos)
 	return number;
 }
 
-static int u32_parse(int c, char **argv, int invert, unsigned int *flags,
-		     const void *entry, struct xt_entry_match **match)
+static void u32_parse(struct xt_option_call *cb)
 {
-	struct xt_u32 *data = (void *)(*match)->data;
+	struct xt_u32 *data = cb->data;
 	unsigned int testind = 0, locind = 0, valind = 0;
 	struct xt_u32_test *ct = &data->tests[testind]; /* current test */
-	char *arg = optarg; /* the argument string */
-	char *start = arg;
+	const char *arg = cb->arg; /* the argument string */
+	const char *start = cb->arg;
 	int state = 0;
 
-	if (c != 'u')
-		return 0;
-
-	data->invert = invert;
+	data->invert = cb->invert;
 
 	/*
 	 * states:
@@ -145,7 +140,7 @@ static int u32_parse(int c, char **argv, int invert, unsigned int *flags,
 				xtables_error(PARAMETER_PROBLEM,
 				           "u32: at char %u: too many \"&&\"s",
 				           (unsigned int)(arg - start));
-			return 1;
+			return;
 		}
 
 		if (state == 0) {
@@ -274,10 +269,10 @@ static struct xtables_match u32_match = {
 	.size          = XT_ALIGN(sizeof(struct xt_u32)),
 	.userspacesize = XT_ALIGN(sizeof(struct xt_u32)),
 	.help          = u32_help,
-	.parse         = u32_parse,
 	.print         = u32_print,
 	.save          = u32_save,
-	.extra_opts    = u32_opts,
+	.x6_parse      = u32_parse,
+	.x6_options    = u32_opts,
 };
 
 void _init(void)
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: guided option parser, run 2

[Patrick McHardy]

Am 12.04.2011 16:23, schrieb Jan Engelhardt:
> The following changes since commit b18ffe3636b07cd817628de81643136e4755a944:
> 
>   libxt_cluster: use guided option parser (2011-04-06 13:12:52 +0200)
> 
> are available in the git repository at:
>   git://dev.medozas.de/iptables opts

Nice work, pulled, thanks Jan!