firewall-util: use fixed size array for chain name

author Yu Watanabe <watanabe.yu+github@gmail.com>

Wed, 3 Jul 2019 15:09:31 +0000 (00:09 +0900)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Thu, 4 Jul 2019 17:45:00 +0000 (02:45 +0900)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 3 Jul 2019 15:09:31 +0000 (00:09 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Thu, 4 Jul 2019 17:45:00 +0000 (02:45 +0900)
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c

index 87bc3f7..93bdd8c 100644 (file)
--- a/src/shared/firewall-util.c
+++ b/src/shared/firewall-util.c
@@ -90,6 +90,7 @@ int fw_add_masquerade(
                  const union in_addr_union *destination,
                  unsigned destination_prefixlen) {
  
+        static const xt_chainlabel chain = "POSTROUTING";
          _cleanup_(iptc_freep) struct xtc_handle *h = NULL;
          struct ipt_entry *entry, *mask;
          struct ipt_entry_target *t;
@@ -133,15 +134,15 @@ int fw_add_masquerade(
          memset(mask, 0xFF, sz);
  
          if (add) {
-                if (iptc_check_entry("POSTROUTING", entry, (unsigned char*) mask, h))
+                if (iptc_check_entry(chain, entry, (unsigned char*) mask, h))
                          return 0;
                  if (errno != ENOENT) /* if other error than not existing yet, fail */
                          return -errno;
  
-                if (!iptc_insert_entry("POSTROUTING", entry, 0, h))
+                if (!iptc_insert_entry(chain, entry, 0, h))
                          return -errno;
          } else {
-                if (!iptc_delete_entry("POSTROUTING", entry, (unsigned char*) mask, h)) {
+                if (!iptc_delete_entry(chain, entry, (unsigned char*) mask, h)) {
                          if (errno == ENOENT) /* if it's already gone, all is good! */
                                  return 0;
  
@@ -169,6 +170,7 @@ int fw_add_local_dnat(
                  uint16_t remote_port,
                  const union in_addr_union *previous_remote) {
  
+        static const xt_chainlabel chain_pre = "PREROUTING", chain_output = "OUTPUT";
          _cleanup_(iptc_freep) struct xtc_handle *h = NULL;
          struct ipt_entry *entry, *mask;
          struct ipt_entry_target *t;
@@ -275,11 +277,11 @@ int fw_add_local_dnat(
  
          if (add) {
                  /* Add the PREROUTING rule, if it is missing so far */
-                if (!iptc_check_entry("PREROUTING", entry, (unsigned char*) mask, h)) {
+                if (!iptc_check_entry(chain_pre, entry, (unsigned char*) mask, h)) {
                          if (errno != ENOENT)
                                  return -EINVAL;
  
-                        if (!iptc_insert_entry("PREROUTING", entry, 0, h))
+                        if (!iptc_insert_entry(chain_pre, entry, 0, h))
                                  return -errno;
                  }
  
@@ -287,7 +289,7 @@ int fw_add_local_dnat(
                  if (previous_remote && previous_remote->in.s_addr != remote->in.s_addr) {
                          mr->range[0].min_ip = mr->range[0].max_ip = previous_remote->in.s_addr;
  
-                        if (!iptc_delete_entry("PREROUTING", entry, (unsigned char*) mask, h)) {
+                        if (!iptc_delete_entry(chain_pre, entry, (unsigned char*) mask, h)) {
                                  if (errno != ENOENT)
                                          return -errno;
                          }
@@ -305,11 +307,11 @@ int fw_add_local_dnat(
                                  entry->ip.invflags = IPT_INV_DSTIP;
                          }
  
-                        if (!iptc_check_entry("OUTPUT", entry, (unsigned char*) mask, h)) {
+                        if (!iptc_check_entry(chain_output, entry, (unsigned char*) mask, h)) {
                                  if (errno != ENOENT)
                                          return -errno;
  
-                                if (!iptc_insert_entry("OUTPUT", entry, 0, h))
+                                if (!iptc_insert_entry(chain_output, entry, 0, h))
                                          return -errno;
                          }
  
@@ -317,14 +319,14 @@ int fw_add_local_dnat(
                          if (previous_remote && previous_remote->in.s_addr != remote->in.s_addr) {
                                  mr->range[0].min_ip = mr->range[0].max_ip = previous_remote->in.s_addr;
  
-                                if (!iptc_delete_entry("OUTPUT", entry, (unsigned char*) mask, h)) {
+                                if (!iptc_delete_entry(chain_output, entry, (unsigned char*) mask, h)) {
                                          if (errno != ENOENT)
                                                  return -errno;
                                  }
                          }
                  }
          } else {
-                if (!iptc_delete_entry("PREROUTING", entry, (unsigned char*) mask, h)) {
+                if (!iptc_delete_entry(chain_pre, entry, (unsigned char*) mask, h)) {
                          if (errno != ENOENT)
                                  return -errno;
                  }
@@ -336,7 +338,7 @@ int fw_add_local_dnat(
                                  entry->ip.invflags = IPT_INV_DSTIP;
                          }
  
-                        if (!iptc_delete_entry("OUTPUT", entry, (unsigned char*) mask, h)) {
+                        if (!iptc_delete_entry(chain_output, entry, (unsigned char*) mask, h)) {
                                  if (errno != ENOENT)
                                          return -errno;
                          }
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Wed, 3 Jul 2019 15:09:31 +0000 (00:09 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Thu, 4 Jul 2019 17:45:00 +0000 (02:45 +0900)