firewall-util: use fixed size array for chain name
xt_chainlabel is defined as
```
typedef char xt_chainlabel[32];
```
parent
4bbccb02ea
commit
d14be488a7
@ -90,6 +90,7 @@ int fw_add_masquerade(
|
|||||||
const union in_addr_union *destination,
|
const union in_addr_union *destination,
|
||||||
unsigned destination_prefixlen) {
|
unsigned destination_prefixlen) {
|
||||||
|
|
||||||
|
static const xt_chainlabel chain = "POSTROUTING";
|
||||||
_cleanup_(iptc_freep) struct xtc_handle *h = NULL;
|
_cleanup_(iptc_freep) struct xtc_handle *h = NULL;
|
||||||
struct ipt_entry *entry, *mask;
|
struct ipt_entry *entry, *mask;
|
||||||
struct ipt_entry_target *t;
|
struct ipt_entry_target *t;
|
||||||
@ -133,15 +134,15 @@ int fw_add_masquerade(
|
|||||||
memset(mask, 0xFF, sz);
|
memset(mask, 0xFF, sz);
|
||||||
|
|
||||||
if (add) {
|
if (add) {
|
||||||
if (iptc_check_entry("POSTROUTING", entry, (unsigned char*) mask, h))
|
if (iptc_check_entry(chain, entry, (unsigned char*) mask, h))
|
||||||
return 0;
|
return 0;
|
||||||
if (errno != ENOENT) /* if other error than not existing yet, fail */
|
if (errno != ENOENT) /* if other error than not existing yet, fail */
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
if (!iptc_insert_entry("POSTROUTING", entry, 0, h))
|
if (!iptc_insert_entry(chain, entry, 0, h))
|
||||||
return -errno;
|
return -errno;
|
||||||
} else {
|
} else {
|
||||||
if (!iptc_delete_entry("POSTROUTING", entry, (unsigned char*) mask, h)) {
|
if (!iptc_delete_entry(chain, entry, (unsigned char*) mask, h)) {
|
||||||
if (errno == ENOENT) /* if it's already gone, all is good! */
|
if (errno == ENOENT) /* if it's already gone, all is good! */
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
@ -169,6 +170,7 @@ int fw_add_local_dnat(
|
|||||||
uint16_t remote_port,
|
uint16_t remote_port,
|
||||||
const union in_addr_union *previous_remote) {
|
const union in_addr_union *previous_remote) {
|
||||||
|
|
||||||
|
static const xt_chainlabel chain_pre = "PREROUTING", chain_output = "OUTPUT";
|
||||||
_cleanup_(iptc_freep) struct xtc_handle *h = NULL;
|
_cleanup_(iptc_freep) struct xtc_handle *h = NULL;
|
||||||
struct ipt_entry *entry, *mask;
|
struct ipt_entry *entry, *mask;
|
||||||
struct ipt_entry_target *t;
|
struct ipt_entry_target *t;
|
||||||
@ -275,11 +277,11 @@ int fw_add_local_dnat(
|
|||||||
|
|
||||||
if (add) {
|
if (add) {
|
||||||
/* Add the PREROUTING rule, if it is missing so far */
|
/* Add the PREROUTING rule, if it is missing so far */
|
||||||
if (!iptc_check_entry("PREROUTING", entry, (unsigned char*) mask, h)) {
|
if (!iptc_check_entry(chain_pre, entry, (unsigned char*) mask, h)) {
|
||||||
if (errno != ENOENT)
|
if (errno != ENOENT)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (!iptc_insert_entry("PREROUTING", entry, 0, h))
|
if (!iptc_insert_entry(chain_pre, entry, 0, h))
|
||||||
return -errno;
|
return -errno;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -287,7 +289,7 @@ int fw_add_local_dnat(
|
|||||||
if (previous_remote && previous_remote->in.s_addr != remote->in.s_addr) {
|
if (previous_remote && previous_remote->in.s_addr != remote->in.s_addr) {
|
||||||
mr->range[0].min_ip = mr->range[0].max_ip = previous_remote->in.s_addr;
|
mr->range[0].min_ip = mr->range[0].max_ip = previous_remote->in.s_addr;
|
||||||
|
|
||||||
if (!iptc_delete_entry("PREROUTING", entry, (unsigned char*) mask, h)) {
|
if (!iptc_delete_entry(chain_pre, entry, (unsigned char*) mask, h)) {
|
||||||
if (errno != ENOENT)
|
if (errno != ENOENT)
|
||||||
return -errno;
|
return -errno;
|
||||||
}
|
}
|
||||||
@ -305,11 +307,11 @@ int fw_add_local_dnat(
|
|||||||
entry->ip.invflags = IPT_INV_DSTIP;
|
entry->ip.invflags = IPT_INV_DSTIP;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!iptc_check_entry("OUTPUT", entry, (unsigned char*) mask, h)) {
|
if (!iptc_check_entry(chain_output, entry, (unsigned char*) mask, h)) {
|
||||||
if (errno != ENOENT)
|
if (errno != ENOENT)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
if (!iptc_insert_entry("OUTPUT", entry, 0, h))
|
if (!iptc_insert_entry(chain_output, entry, 0, h))
|
||||||
return -errno;
|
return -errno;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -317,14 +319,14 @@ int fw_add_local_dnat(
|
|||||||
if (previous_remote && previous_remote->in.s_addr != remote->in.s_addr) {
|
if (previous_remote && previous_remote->in.s_addr != remote->in.s_addr) {
|
||||||
mr->range[0].min_ip = mr->range[0].max_ip = previous_remote->in.s_addr;
|
mr->range[0].min_ip = mr->range[0].max_ip = previous_remote->in.s_addr;
|
||||||
|
|
||||||
if (!iptc_delete_entry("OUTPUT", entry, (unsigned char*) mask, h)) {
|
if (!iptc_delete_entry(chain_output, entry, (unsigned char*) mask, h)) {
|
||||||
if (errno != ENOENT)
|
if (errno != ENOENT)
|
||||||
return -errno;
|
return -errno;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (!iptc_delete_entry("PREROUTING", entry, (unsigned char*) mask, h)) {
|
if (!iptc_delete_entry(chain_pre, entry, (unsigned char*) mask, h)) {
|
||||||
if (errno != ENOENT)
|
if (errno != ENOENT)
|
||||||
return -errno;
|
return -errno;
|
||||||
}
|
}
|
||||||
@ -336,7 +338,7 @@ int fw_add_local_dnat(
|
|||||||
entry->ip.invflags = IPT_INV_DSTIP;
|
entry->ip.invflags = IPT_INV_DSTIP;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!iptc_delete_entry("OUTPUT", entry, (unsigned char*) mask, h)) {
|
if (!iptc_delete_entry(chain_output, entry, (unsigned char*) mask, h)) {
|
||||||
if (errno != ENOENT)
|
if (errno != ENOENT)
|
||||||
return -errno;
|
return -errno;
|
||||||
}
|
}
|
||||||
|
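Review bot: In the `@ -275,11 +277,11 @` hunk of fw_add_local_dnat, the PREROUTING existence check still returns `-EINVAL` when `errno != ENOENT`, while the OUTPUT check and every insert and delete path shown on this page return `-errno`. That discards the actual libiptc error, so a caller logging the result cannot tell why the rule check failed; unless the asymmetry is intentional, the line should read `return -errno;`. The line is context that this commit leaves untouched, and the function body begins and ends outside the hunks shown. Separately, the new `chain`, `chain_pre` and `chain_output` declarations would benefit from a one-line comment such as `/* xt_chainlabel is char[32]; pass full-size arrays rather than shorter string literals */`, since the reason is currently recorded only in the commit message.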