* iptables: libiptc, cleanups
@ 2011-09-11 15:35 Jan Engelhardt
2011-09-11 15:35 ` [PATCH 1/9] libiptc: resolve compile failure Jan Engelhardt
` (8 more replies)
0 siblings, 9 replies; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
The following changes since commit 62fc25fd1625f0f65b9eed3e15fe929dd0aff2c5:
Merge branch 'master' of git://dev.medozas.de/iptables (2011-09-08 17:00:49 +0200)
are available in the git repository at:
git://dev.medozas.de/iptables master
Jan Engelhardt (14):
build: sort file list before build
doc: fix undesired newline in ip6tables-restore(8)
ip6tables-restore: implement missing -T option
doc: document iptables-restore's -T option
Merge branch 'stable'
libiptc: resolve compile failure
iptables-save: remove binary dumping dead code
libiptc: remove unused HOOK_DROPPING thing
libiptc: combine common types
libiptc: replace ipt_chainlabel by xt_chainlabel
libiptc: combine common types: _handle
src: resolve old macro names that are indirections
libiptc: use a family-invariant xtc_ops struct for code reduction
ip6tables-restore: make code look alike with iptables-restore
extensions/GNUmakefile.in | 12 ++--
extensions/libipt_realm.c | 10 ++--
include/Makefile.am | 2 +-
include/ip6tables.h | 10 ++--
include/iptables.h | 16 +++---
include/libiptc/libip6tc.h | 110 +++++++++++++++++++-------------------
include/libiptc/libiptc.h | 110 +++++++++++++++++++-------------------
include/libiptc/xtcshared.h | 20 +++++++
iptables/ip6tables-restore.8 | 4 +-
iptables/ip6tables-restore.c | 64 ++++++++++++----------
iptables/ip6tables-save.c | 84 ++++++++++++-----------------
iptables/ip6tables-standalone.c | 2 +-
iptables/ip6tables.c | 112 +++++++++++++++++++-------------------
iptables/iptables-restore.8 | 5 ++-
iptables/iptables-restore.c | 48 ++++++++--------
iptables/iptables-save.c | 84 ++++++++++++-----------------
iptables/iptables-standalone.c | 2 +-
iptables/iptables-xml.c | 36 ++++++------
iptables/iptables.c | 110 +++++++++++++++++++-------------------
iptables/xshared.c | 2 +-
libiptc/Makefile.am | 4 +-
libiptc/libip4tc.c | 56 +++++++------------
libiptc/libip6tc.c | 38 ++++++-------
libiptc/libiptc.c | 54 ++++++++++---------
24 files changed, 495 insertions(+), 500 deletions(-)
create mode 100644 include/libiptc/xtcshared.h
^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH 1/9] libiptc: resolve compile failure
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
@ 2011-09-11 15:35 ` Jan Engelhardt
2011-09-11 15:35 ` [PATCH 2/9] iptables-save: remove binary dumping dead code Jan Engelhardt
` (7 subsequent siblings)
8 siblings, 0 replies; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
CC libip4tc.lo
In file included from libip4tc.c:118:0:
libiptc.c:70:8: error: redefinition of "struct xt_error_target"
../include/linux/netfilter/x_tables.h:69:8: note: originally defined here
Remove libiptc's duplicate definition and substitute names.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
libiptc/libiptc.c | 34 ++++++++++++++--------------------
1 files changed, 14 insertions(+), 20 deletions(-)
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 42d9784..2214077 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -67,12 +67,6 @@ static const char *hooknames[] = {
};
/* Convenience structures */
-struct ipt_error_target
-{
- STRUCT_ENTRY_TARGET t;
- char error[TABLE_MAXNAMELEN];
-};
-
struct chain_head;
struct rule_head;
@@ -1092,10 +1086,10 @@ static int parse_table(struct xtc_handle *h)
/* Convenience structures */
struct iptcb_chain_start{
STRUCT_ENTRY e;
- struct ipt_error_target name;
+ struct xt_error_target name;
};
#define IPTCB_CHAIN_START_SIZE (sizeof(STRUCT_ENTRY) + \
- ALIGN(sizeof(struct ipt_error_target)))
+ ALIGN(sizeof(struct xt_error_target)))
struct iptcb_chain_foot {
STRUCT_ENTRY e;
@@ -1106,10 +1100,10 @@ struct iptcb_chain_foot {
struct iptcb_chain_error {
STRUCT_ENTRY entry;
- struct ipt_error_target target;
+ struct xt_error_target target;
};
#define IPTCB_CHAIN_ERROR_SIZE (sizeof(STRUCT_ENTRY) + \
- ALIGN(sizeof(struct ipt_error_target)))
+ ALIGN(sizeof(struct xt_error_target)))
@@ -1152,10 +1146,10 @@ static int iptcc_compile_chain(struct xtc_handle *h, STRUCT_REPLACE *repl, struc
head = (void *)repl->entries + c->head_offset;
head->e.target_offset = sizeof(STRUCT_ENTRY);
head->e.next_offset = IPTCB_CHAIN_START_SIZE;
- strcpy(head->name.t.u.user.name, ERROR_TARGET);
- head->name.t.u.target_size =
- ALIGN(sizeof(struct ipt_error_target));
- strcpy(head->name.error, c->name);
+ strcpy(head->name.target.u.user.name, ERROR_TARGET);
+ head->name.target.u.target_size =
+ ALIGN(sizeof(struct xt_error_target));
+ strcpy(head->name.errorname, c->name);
} else {
repl->hook_entry[c->hooknum-1] = c->head_offset;
repl->underflow[c->hooknum-1] = c->foot_offset;
@@ -1198,7 +1192,7 @@ static int iptcc_compile_chain_offsets(struct xtc_handle *h, struct chain_head *
if (!iptcc_is_builtin(c)) {
/* Chain has header */
*offset += sizeof(STRUCT_ENTRY)
- + ALIGN(sizeof(struct ipt_error_target));
+ + ALIGN(sizeof(struct xt_error_target));
(*num)++;
}
@@ -1238,7 +1232,7 @@ static int iptcc_compile_table_prep(struct xtc_handle *h, unsigned int *size)
/* Append one error rule at end of chain */
num++;
offset += sizeof(STRUCT_ENTRY)
- + ALIGN(sizeof(struct ipt_error_target));
+ + ALIGN(sizeof(struct xt_error_target));
/* ruleset size is now in offset */
*size = offset;
@@ -1261,10 +1255,10 @@ static int iptcc_compile_table(struct xtc_handle *h, STRUCT_REPLACE *repl)
error = (void *)repl->entries + repl->size - IPTCB_CHAIN_ERROR_SIZE;
error->entry.target_offset = sizeof(STRUCT_ENTRY);
error->entry.next_offset = IPTCB_CHAIN_ERROR_SIZE;
- error->target.t.u.user.target_size =
- ALIGN(sizeof(struct ipt_error_target));
- strcpy((char *)&error->target.t.u.user.name, ERROR_TARGET);
- strcpy((char *)&error->target.error, "ERROR");
+ error->target.target.u.user.target_size =
+ ALIGN(sizeof(struct xt_error_target));
+ strcpy((char *)&error->target.target.u.user.name, ERROR_TARGET);
+ strcpy((char *)&error->target.errorname, "ERROR");
return 1;
}
--
1.7.3.4
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH 2/9] iptables-save: remove binary dumping dead code
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
2011-09-11 15:35 ` [PATCH 1/9] libiptc: resolve compile failure Jan Engelhardt
@ 2011-09-11 15:35 ` Jan Engelhardt
2011-09-12 9:32 ` Pablo Neira Ayuso
2011-09-11 15:35 ` [PATCH 3/9] libiptc: remove unused HOOK_DROPPING thing Jan Engelhardt
` (6 subsequent siblings)
8 siblings, 1 reply; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
Was never implemented, kill it.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
iptables/ip6tables-save.c | 80 +++++++++++++++++++--------------------------
iptables/iptables-save.c | 80 +++++++++++++++++++--------------------------
2 files changed, 68 insertions(+), 92 deletions(-)
diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
index ad0e70f..38b0c2f 100644
--- a/iptables/ip6tables-save.c
+++ b/iptables/ip6tables-save.c
@@ -22,10 +22,9 @@
#include <dlfcn.h>
#endif
-static int show_binary = 0, show_counters = 0;
+static int show_counters = 0;
static const struct option options[] = {
- {.name = "binary", .has_arg = false, .val = 'b'},
{.name = "counters", .has_arg = false, .val = 'c'},
{.name = "dump", .has_arg = false, .val = 'd'},
{.name = "table", .has_arg = true, .val = 't'},
@@ -76,52 +75,45 @@ static int do_output(const char *tablename)
xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
ip6tc_strerror(errno));
- if (!show_binary) {
- time_t now = time(NULL);
-
- printf("# Generated by ip6tables-save v%s on %s",
- IPTABLES_VERSION, ctime(&now));
- printf("*%s\n", tablename);
-
- /* Dump out chain names first,
- * thereby preventing dependency conflicts */
- for (chain = ip6tc_first_chain(h);
- chain;
- chain = ip6tc_next_chain(h)) {
-
- printf(":%s ", chain);
- if (ip6tc_builtin(chain, h)) {
- struct ip6t_counters count;
- printf("%s ",
- ip6tc_get_policy(chain, &count, h));
- printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
- } else {
- printf("- [0:0]\n");
- }
+ time_t now = time(NULL);
+
+ printf("# Generated by ip6tables-save v%s on %s",
+ IPTABLES_VERSION, ctime(&now));
+ printf("*%s\n", tablename);
+
+ /* Dump out chain names first,
+ * thereby preventing dependency conflicts */
+ for (chain = ip6tc_first_chain(h);
+ chain;
+ chain = ip6tc_next_chain(h)) {
+
+ printf(":%s ", chain);
+ if (ip6tc_builtin(chain, h)) {
+ struct ip6t_counters count;
+ printf("%s ",
+ ip6tc_get_policy(chain, &count, h));
+ printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
+ } else {
+ printf("- [0:0]\n");
}
+ }
+ for (chain = ip6tc_first_chain(h);
+ chain;
+ chain = ip6tc_next_chain(h)) {
+ const struct ip6t_entry *e;
- for (chain = ip6tc_first_chain(h);
- chain;
- chain = ip6tc_next_chain(h)) {
- const struct ip6t_entry *e;
-
- /* Dump out rules */
- e = ip6tc_first_rule(chain, h);
- while(e) {
- print_rule6(e, h, chain, show_counters);
- e = ip6tc_next_rule(e, h);
- }
+ /* Dump out rules */
+ e = ip6tc_first_rule(chain, h);
+ while(e) {
+ print_rule6(e, h, chain, show_counters);
+ e = ip6tc_next_rule(e, h);
}
-
- now = time(NULL);
- printf("COMMIT\n");
- printf("# Completed on %s", ctime(&now));
- } else {
- /* Binary, huh? OK. */
- xtables_error(OTHER_PROBLEM, "Binary NYI\n");
}
+ now = time(NULL);
+ printf("COMMIT\n");
+ printf("# Completed on %s", ctime(&now));
ip6tc_free(h);
return 1;
@@ -151,10 +143,6 @@ int ip6tables_save_main(int argc, char *argv[])
while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
switch (c) {
- case 'b':
- show_binary = 1;
- break;
-
case 'c':
show_counters = 1;
break;
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index 73fba12..a25a186 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -21,10 +21,9 @@
#include <dlfcn.h>
#endif
-static int show_binary = 0, show_counters = 0;
+static int show_counters = 0;
static const struct option options[] = {
- {.name = "binary", .has_arg = false, .val = 'b'},
{.name = "counters", .has_arg = false, .val = 'c'},
{.name = "dump", .has_arg = false, .val = 'd'},
{.name = "table", .has_arg = true, .val = 't'},
@@ -74,52 +73,45 @@ static int do_output(const char *tablename)
xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
iptc_strerror(errno));
- if (!show_binary) {
- time_t now = time(NULL);
-
- printf("# Generated by iptables-save v%s on %s",
- IPTABLES_VERSION, ctime(&now));
- printf("*%s\n", tablename);
-
- /* Dump out chain names first,
- * thereby preventing dependency conflicts */
- for (chain = iptc_first_chain(h);
- chain;
- chain = iptc_next_chain(h)) {
-
- printf(":%s ", chain);
- if (iptc_builtin(chain, h)) {
- struct ipt_counters count;
- printf("%s ",
- iptc_get_policy(chain, &count, h));
- printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
- } else {
- printf("- [0:0]\n");
- }
+ time_t now = time(NULL);
+
+ printf("# Generated by iptables-save v%s on %s",
+ IPTABLES_VERSION, ctime(&now));
+ printf("*%s\n", tablename);
+
+ /* Dump out chain names first,
+ * thereby preventing dependency conflicts */
+ for (chain = iptc_first_chain(h);
+ chain;
+ chain = iptc_next_chain(h)) {
+
+ printf(":%s ", chain);
+ if (iptc_builtin(chain, h)) {
+ struct ipt_counters count;
+ printf("%s ",
+ iptc_get_policy(chain, &count, h));
+ printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
+ } else {
+ printf("- [0:0]\n");
}
+ }
+ for (chain = iptc_first_chain(h);
+ chain;
+ chain = iptc_next_chain(h)) {
+ const struct ipt_entry *e;
- for (chain = iptc_first_chain(h);
- chain;
- chain = iptc_next_chain(h)) {
- const struct ipt_entry *e;
-
- /* Dump out rules */
- e = iptc_first_rule(chain, h);
- while(e) {
- print_rule4(e, h, chain, show_counters);
- e = iptc_next_rule(e, h);
- }
+ /* Dump out rules */
+ e = iptc_first_rule(chain, h);
+ while(e) {
+ print_rule4(e, h, chain, show_counters);
+ e = iptc_next_rule(e, h);
}
-
- now = time(NULL);
- printf("COMMIT\n");
- printf("# Completed on %s", ctime(&now));
- } else {
- /* Binary, huh? OK. */
- xtables_error(OTHER_PROBLEM, "Binary NYI\n");
}
+ now = time(NULL);
+ printf("COMMIT\n");
+ printf("# Completed on %s", ctime(&now));
iptc_free(h);
return 1;
@@ -150,10 +142,6 @@ iptables_save_main(int argc, char *argv[])
while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
switch (c) {
- case 'b':
- show_binary = 1;
- break;
-
case 'c':
show_counters = 1;
break;
--
1.7.3.4
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH 3/9] libiptc: remove unused HOOK_DROPPING thing
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
2011-09-11 15:35 ` [PATCH 1/9] libiptc: resolve compile failure Jan Engelhardt
2011-09-11 15:35 ` [PATCH 2/9] iptables-save: remove binary dumping dead code Jan Engelhardt
@ 2011-09-11 15:35 ` Jan Engelhardt
2011-09-11 15:35 ` [PATCH 4/9] libiptc: combine common types Jan Engelhardt
` (5 subsequent siblings)
8 siblings, 0 replies; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
libiptc/libip4tc.c | 12 ------------
libiptc/libiptc.c | 3 ---
2 files changed, 0 insertions(+), 15 deletions(-)
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index cf66709..3b0c15a 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -36,9 +36,6 @@ typedef unsigned int socklen_t;
#define HOOK_FORWARD NF_IP_FORWARD
#define HOOK_LOCAL_OUT NF_IP_LOCAL_OUT
#define HOOK_POST_ROUTING NF_IP_POST_ROUTING
-#ifdef NF_IP_DROPPING
-#define HOOK_DROPPING NF_IP_DROPPING
-#endif
#define STRUCT_ENTRY_TARGET struct ipt_entry_target
#define STRUCT_ENTRY struct ipt_entry
@@ -426,15 +423,6 @@ do_check(struct iptc_handle *h, unsigned int line)
assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n);
user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
-
-#ifdef NF_IP_DROPPING
- } else if (strcmp(h->info.name, "drop") == 0) {
- assert(h->info.valid_hooks == (1 << NF_IP_DROPPING));
-
- /* Hook should be first */
- assert(h->info.hook_entry[NF_IP_DROPPING] == 0);
- user_offset = 0;
-#endif
} else {
fprintf(stderr, "Unknown table `%s'\n", h->info.name);
abort();
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 2214077..0a29a69 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -61,9 +61,6 @@ static const char *hooknames[] = {
[HOOK_FORWARD] = "FORWARD",
[HOOK_LOCAL_OUT] = "OUTPUT",
[HOOK_POST_ROUTING] = "POSTROUTING",
-#ifdef HOOK_DROPPING
- [HOOK_DROPPING] = "DROPPING"
-#endif
};
/* Convenience structures */
--
1.7.3.4
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH 4/9] libiptc: combine common types
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
` (2 preceding siblings ...)
2011-09-11 15:35 ` [PATCH 3/9] libiptc: remove unused HOOK_DROPPING thing Jan Engelhardt
@ 2011-09-11 15:35 ` Jan Engelhardt
2011-09-12 9:36 ` Pablo Neira Ayuso
2011-09-11 15:35 ` [PATCH 5/9] libiptc: replace ipt_chainlabel by xt_chainlabel Jan Engelhardt
` (4 subsequent siblings)
8 siblings, 1 reply; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel,
and add backward-API #defines. The ABI naturally does not change
either, so no soversion bump.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/Makefile.am | 2 +-
include/libiptc/libip6tc.h | 3 ++-
include/libiptc/libiptc.h | 3 ++-
include/libiptc/xtcshared.h | 6 ++++++
4 files changed, 11 insertions(+), 3 deletions(-)
create mode 100644 include/libiptc/xtcshared.h
diff --git a/include/Makefile.am b/include/Makefile.am
index 0a1abea..6f7da59 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -9,4 +9,4 @@ endif
nobase_include_HEADERS += \
libiptc/ipt_kernel_headers.h libiptc/libiptc.h \
- libiptc/libip6tc.h libiptc/libxtc.h
+ libiptc/libip6tc.h libiptc/libxtc.h libiptc/xtcshared.h
diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
index 4f2d1f8..55e0bfc 100644
--- a/include/libiptc/libip6tc.h
+++ b/include/libiptc/libip6tc.h
@@ -10,10 +10,11 @@
# include <limits.h> /* INT_MAX in ip6_tables.h */
#endif
#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <libiptc/xtcshared.h>
struct ip6tc_handle;
-typedef char ip6t_chainlabel[32];
+#define ip6t_chainlabel xt_chainlabel
#define IP6TC_LABEL_ACCEPT "ACCEPT"
#define IP6TC_LABEL_DROP "DROP"
diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
index 3497d6a..ccbf6bf 100644
--- a/include/libiptc/libiptc.h
+++ b/include/libiptc/libiptc.h
@@ -10,6 +10,7 @@
# include <limits.h> /* INT_MAX in ip_tables.h */
#endif
#include <linux/netfilter_ipv4/ip_tables.h>
+#include <libiptc/xtcshared.h>
#ifdef __cplusplus
extern "C" {
@@ -17,7 +18,7 @@ extern "C" {
struct iptc_handle;
-typedef char ipt_chainlabel[32];
+#define ipt_chainlabel xt_chainlabel
#define IPTC_LABEL_ACCEPT "ACCEPT"
#define IPTC_LABEL_DROP "DROP"
diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h
new file mode 100644
index 0000000..aaf87a4
--- /dev/null
+++ b/include/libiptc/xtcshared.h
@@ -0,0 +1,6 @@
+#ifndef _LIBXTC_SHARED_H
+#define _LIBXTC_SHARED_H 1
+
+typedef char xt_chainlabel[32];
+
+#endif /* _LIBXTC_SHARED_H */
--
1.7.3.4
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH 5/9] libiptc: replace ipt_chainlabel by xt_chainlabel
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
` (3 preceding siblings ...)
2011-09-11 15:35 ` [PATCH 4/9] libiptc: combine common types Jan Engelhardt
@ 2011-09-11 15:35 ` Jan Engelhardt
2011-09-11 15:35 ` [PATCH 6/9] libiptc: combine common types: _handle Jan Engelhardt
` (3 subsequent siblings)
8 siblings, 0 replies; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/ip6tables.h | 6 +++---
include/iptables.h | 6 +++---
include/libiptc/libip6tc.h | 38 +++++++++++++++++++-------------------
include/libiptc/libiptc.h | 38 +++++++++++++++++++-------------------
iptables/ip6tables.c | 30 +++++++++++++++---------------
iptables/iptables.c | 30 +++++++++++++++---------------
libiptc/libip4tc.c | 2 +-
libiptc/libip6tc.c | 2 +-
8 files changed, 76 insertions(+), 76 deletions(-)
diff --git a/include/ip6tables.h b/include/ip6tables.h
index e976361..1def393 100644
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -10,9 +10,9 @@
extern int do_command6(int argc, char *argv[], char **table,
struct ip6tc_handle **handle);
-extern int for_each_chain6(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *), int verbose, int builtinstoo, struct ip6tc_handle *handle);
-extern int flush_entries6(const ip6t_chainlabel chain, int verbose, struct ip6tc_handle *handle);
-extern int delete_chain6(const ip6t_chainlabel chain, int verbose, struct ip6tc_handle *handle);
+extern int for_each_chain6(int (*fn)(const xt_chainlabel, int, struct ip6tc_handle *), int verbose, int builtinstoo, struct ip6tc_handle *handle);
+extern int flush_entries6(const xt_chainlabel chain, int verbose, struct ip6tc_handle *handle);
+extern int delete_chain6(const xt_chainlabel chain, int verbose, struct ip6tc_handle *handle);
void print_rule6(const struct ip6t_entry *e, struct ip6tc_handle *h, const char *chain, int counters);
extern struct xtables_globals ip6tables_globals;
diff --git a/include/iptables.h b/include/iptables.h
index 89217e2..6edd369 100644
--- a/include/iptables.h
+++ b/include/iptables.h
@@ -9,11 +9,11 @@
/* Your shared library should call one of these. */
extern int do_command4(int argc, char *argv[], char **table,
struct iptc_handle **handle);
-extern int delete_chain4(const ipt_chainlabel chain, int verbose,
+extern int delete_chain4(const xt_chainlabel chain, int verbose,
struct iptc_handle *handle);
-extern int flush_entries4(const ipt_chainlabel chain, int verbose,
+extern int flush_entries4(const xt_chainlabel chain, int verbose,
struct iptc_handle *handle);
-extern int for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
+extern int for_each_chain4(int (*fn)(const xt_chainlabel, int, struct iptc_handle *),
int verbose, int builtinstoo, struct iptc_handle *handle);
extern void print_rule4(const struct ipt_entry *e,
struct iptc_handle *handle, const char *chain, int counters);
diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
index 55e0bfc..6332073 100644
--- a/include/libiptc/libip6tc.h
+++ b/include/libiptc/libip6tc.h
@@ -59,89 +59,89 @@ const char *ip6tc_get_policy(const char *chain,
/* Rule numbers start at 1 for the first rule. */
/* Insert the entry `fw' in chain `chain' into position `rulenum'. */
-int ip6tc_insert_entry(const ip6t_chainlabel chain,
+int ip6tc_insert_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
unsigned int rulenum,
struct ip6tc_handle *handle);
/* Atomically replace rule `rulenum' in `chain' with `fw'. */
-int ip6tc_replace_entry(const ip6t_chainlabel chain,
+int ip6tc_replace_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
unsigned int rulenum,
struct ip6tc_handle *handle);
/* Append entry `fw' to chain `chain'. Equivalent to insert with
rulenum = length of chain. */
-int ip6tc_append_entry(const ip6t_chainlabel chain,
+int ip6tc_append_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
struct ip6tc_handle *handle);
/* Check whether a matching rule exists */
-int ip6tc_check_entry(const ip6t_chainlabel chain,
+int ip6tc_check_entry(const xt_chainlabel chain,
const struct ip6t_entry *origfw,
unsigned char *matchmask,
struct ip6tc_handle *handle);
/* Delete the first rule in `chain' which matches `fw'. */
-int ip6tc_delete_entry(const ip6t_chainlabel chain,
+int ip6tc_delete_entry(const xt_chainlabel chain,
const struct ip6t_entry *origfw,
unsigned char *matchmask,
struct ip6tc_handle *handle);
/* Delete the rule in position `rulenum' in `chain'. */
-int ip6tc_delete_num_entry(const ip6t_chainlabel chain,
+int ip6tc_delete_num_entry(const xt_chainlabel chain,
unsigned int rulenum,
struct ip6tc_handle *handle);
/* Check the packet `fw' on chain `chain'. Returns the verdict, or
NULL and sets errno. */
-const char *ip6tc_check_packet(const ip6t_chainlabel chain,
+const char *ip6tc_check_packet(const xt_chainlabel chain,
struct ip6t_entry *,
struct ip6tc_handle *handle);
/* Flushes the entries in the given chain (ie. empties chain). */
-int ip6tc_flush_entries(const ip6t_chainlabel chain,
+int ip6tc_flush_entries(const xt_chainlabel chain,
struct ip6tc_handle *handle);
/* Zeroes the counters in a chain. */
-int ip6tc_zero_entries(const ip6t_chainlabel chain,
+int ip6tc_zero_entries(const xt_chainlabel chain,
struct ip6tc_handle *handle);
/* Creates a new chain. */
-int ip6tc_create_chain(const ip6t_chainlabel chain,
+int ip6tc_create_chain(const xt_chainlabel chain,
struct ip6tc_handle *handle);
/* Deletes a chain. */
-int ip6tc_delete_chain(const ip6t_chainlabel chain,
+int ip6tc_delete_chain(const xt_chainlabel chain,
struct ip6tc_handle *handle);
/* Renames a chain. */
-int ip6tc_rename_chain(const ip6t_chainlabel oldname,
- const ip6t_chainlabel newname,
+int ip6tc_rename_chain(const xt_chainlabel oldname,
+ const xt_chainlabel newname,
struct ip6tc_handle *handle);
/* Sets the policy on a built-in chain. */
-int ip6tc_set_policy(const ip6t_chainlabel chain,
- const ip6t_chainlabel policy,
+int ip6tc_set_policy(const xt_chainlabel chain,
+ const xt_chainlabel policy,
struct ip6t_counters *counters,
struct ip6tc_handle *handle);
/* Get the number of references to this chain */
-int ip6tc_get_references(unsigned int *ref, const ip6t_chainlabel chain,
+int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
struct ip6tc_handle *handle);
/* read packet and byte counters for a specific rule */
-struct ip6t_counters *ip6tc_read_counter(const ip6t_chainlabel chain,
+struct ip6t_counters *ip6tc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct ip6tc_handle *handle);
/* zero packet and byte counters for a specific rule */
-int ip6tc_zero_counter(const ip6t_chainlabel chain,
+int ip6tc_zero_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct ip6tc_handle *handle);
/* set packet and byte counters for a specific rule */
-int ip6tc_set_counter(const ip6t_chainlabel chain,
+int ip6tc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct ip6t_counters *counters,
struct ip6tc_handle *handle);
diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
index ccbf6bf..ded4d97 100644
--- a/include/libiptc/libiptc.h
+++ b/include/libiptc/libiptc.h
@@ -63,91 +63,91 @@ const char *iptc_get_policy(const char *chain,
/* Rule numbers start at 1 for the first rule. */
/* Insert the entry `e' in chain `chain' into position `rulenum'. */
-int iptc_insert_entry(const ipt_chainlabel chain,
+int iptc_insert_entry(const xt_chainlabel chain,
const struct ipt_entry *e,
unsigned int rulenum,
struct iptc_handle *handle);
/* Atomically replace rule `rulenum' in `chain' with `e'. */
-int iptc_replace_entry(const ipt_chainlabel chain,
+int iptc_replace_entry(const xt_chainlabel chain,
const struct ipt_entry *e,
unsigned int rulenum,
struct iptc_handle *handle);
/* Append entry `e' to chain `chain'. Equivalent to insert with
rulenum = length of chain. */
-int iptc_append_entry(const ipt_chainlabel chain,
+int iptc_append_entry(const xt_chainlabel chain,
const struct ipt_entry *e,
struct iptc_handle *handle);
/* Check whether a mathching rule exists */
-int iptc_check_entry(const ipt_chainlabel chain,
+int iptc_check_entry(const xt_chainlabel chain,
const struct ipt_entry *origfw,
unsigned char *matchmask,
struct iptc_handle *handle);
/* Delete the first rule in `chain' which matches `e', subject to
matchmask (array of length == origfw) */
-int iptc_delete_entry(const ipt_chainlabel chain,
+int iptc_delete_entry(const xt_chainlabel chain,
const struct ipt_entry *origfw,
unsigned char *matchmask,
struct iptc_handle *handle);
/* Delete the rule in position `rulenum' in `chain'. */
-int iptc_delete_num_entry(const ipt_chainlabel chain,
+int iptc_delete_num_entry(const xt_chainlabel chain,
unsigned int rulenum,
struct iptc_handle *handle);
/* Check the packet `e' on chain `chain'. Returns the verdict, or
NULL and sets errno. */
-const char *iptc_check_packet(const ipt_chainlabel chain,
+const char *iptc_check_packet(const xt_chainlabel chain,
struct ipt_entry *entry,
struct iptc_handle *handle);
/* Flushes the entries in the given chain (ie. empties chain). */
-int iptc_flush_entries(const ipt_chainlabel chain,
+int iptc_flush_entries(const xt_chainlabel chain,
struct iptc_handle *handle);
/* Zeroes the counters in a chain. */
-int iptc_zero_entries(const ipt_chainlabel chain,
+int iptc_zero_entries(const xt_chainlabel chain,
struct iptc_handle *handle);
/* Creates a new chain. */
-int iptc_create_chain(const ipt_chainlabel chain,
+int iptc_create_chain(const xt_chainlabel chain,
struct iptc_handle *handle);
/* Deletes a chain. */
-int iptc_delete_chain(const ipt_chainlabel chain,
+int iptc_delete_chain(const xt_chainlabel chain,
struct iptc_handle *handle);
/* Renames a chain. */
-int iptc_rename_chain(const ipt_chainlabel oldname,
- const ipt_chainlabel newname,
+int iptc_rename_chain(const xt_chainlabel oldname,
+ const xt_chainlabel newname,
struct iptc_handle *handle);
/* Sets the policy on a built-in chain. */
-int iptc_set_policy(const ipt_chainlabel chain,
- const ipt_chainlabel policy,
+int iptc_set_policy(const xt_chainlabel chain,
+ const xt_chainlabel policy,
struct ipt_counters *counters,
struct iptc_handle *handle);
/* Get the number of references to this chain */
int iptc_get_references(unsigned int *ref,
- const ipt_chainlabel chain,
+ const xt_chainlabel chain,
struct iptc_handle *handle);
/* read packet and byte counters for a specific rule */
-struct ipt_counters *iptc_read_counter(const ipt_chainlabel chain,
+struct ipt_counters *iptc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct iptc_handle *handle);
/* zero packet and byte counters for a specific rule */
-int iptc_zero_counter(const ipt_chainlabel chain,
+int iptc_zero_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct iptc_handle *handle);
/* set packet and byte counters for a specific rule */
-int iptc_set_counter(const ipt_chainlabel chain,
+int iptc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct ipt_counters *counters,
struct iptc_handle *handle);
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 04e5224..c5d2a0b 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -676,7 +676,7 @@ print_firewall_line(const struct ip6t_entry *fw,
}
static int
-append_entry(const ip6t_chainlabel chain,
+append_entry(const xt_chainlabel chain,
struct ip6t_entry *fw,
unsigned int nsaddrs,
const struct in6_addr saddrs[],
@@ -706,7 +706,7 @@ append_entry(const ip6t_chainlabel chain,
}
static int
-replace_entry(const ip6t_chainlabel chain,
+replace_entry(const xt_chainlabel chain,
struct ip6t_entry *fw,
unsigned int rulenum,
const struct in6_addr *saddr, const struct in6_addr *smask,
@@ -725,7 +725,7 @@ replace_entry(const ip6t_chainlabel chain,
}
static int
-insert_entry(const ip6t_chainlabel chain,
+insert_entry(const xt_chainlabel chain,
struct ip6t_entry *fw,
unsigned int rulenum,
unsigned int nsaddrs,
@@ -790,7 +790,7 @@ make_delete_mask(const struct xtables_rule_match *matches,
}
static int
-delete_entry(const ip6t_chainlabel chain,
+delete_entry(const xt_chainlabel chain,
struct ip6t_entry *fw,
unsigned int nsaddrs,
const struct in6_addr saddrs[],
@@ -825,7 +825,7 @@ delete_entry(const ip6t_chainlabel chain,
}
static int
-check_entry(const ip6t_chainlabel chain, struct ip6t_entry *fw,
+check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
unsigned int nsaddrs, const struct in6_addr *saddrs,
const struct in6_addr *smasks, unsigned int ndaddrs,
const struct in6_addr *daddrs, const struct in6_addr *dmasks,
@@ -855,7 +855,7 @@ check_entry(const ip6t_chainlabel chain, struct ip6t_entry *fw,
}
int
-for_each_chain6(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
+for_each_chain6(int (*fn)(const xt_chainlabel, int, struct ip6tc_handle *),
int verbose, int builtinstoo, struct ip6tc_handle *handle)
{
int ret = 1;
@@ -869,21 +869,21 @@ for_each_chain6(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
chain = ip6tc_next_chain(handle);
}
- chains = xtables_malloc(sizeof(ip6t_chainlabel) * chaincount);
+ chains = xtables_malloc(sizeof(xt_chainlabel) * chaincount);
i = 0;
chain = ip6tc_first_chain(handle);
while (chain) {
- strcpy(chains + i*sizeof(ip6t_chainlabel), chain);
+ strcpy(chains + i*sizeof(xt_chainlabel), chain);
i++;
chain = ip6tc_next_chain(handle);
}
for (i = 0; i < chaincount; i++) {
if (!builtinstoo
- && ip6tc_builtin(chains + i*sizeof(ip6t_chainlabel),
+ && ip6tc_builtin(chains + i*sizeof(xt_chainlabel),
handle) == 1)
continue;
- ret &= fn(chains + i*sizeof(ip6t_chainlabel), verbose, handle);
+ ret &= fn(chains + i*sizeof(xt_chainlabel), verbose, handle);
}
free(chains);
@@ -891,7 +891,7 @@ for_each_chain6(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *),
}
int
-flush_entries6(const ip6t_chainlabel chain, int verbose,
+flush_entries6(const xt_chainlabel chain, int verbose,
struct ip6tc_handle *handle)
{
if (!chain)
@@ -903,7 +903,7 @@ flush_entries6(const ip6t_chainlabel chain, int verbose,
}
static int
-zero_entries(const ip6t_chainlabel chain, int verbose,
+zero_entries(const xt_chainlabel chain, int verbose,
struct ip6tc_handle *handle)
{
if (!chain)
@@ -915,7 +915,7 @@ zero_entries(const ip6t_chainlabel chain, int verbose,
}
int
-delete_chain6(const ip6t_chainlabel chain, int verbose,
+delete_chain6(const xt_chainlabel chain, int verbose,
struct ip6tc_handle *handle)
{
if (!chain)
@@ -927,7 +927,7 @@ delete_chain6(const ip6t_chainlabel chain, int verbose,
}
static int
-list_entries(const ip6t_chainlabel chain, int rulenum, int verbose, int numeric,
+list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
int expanded, int linenumbers, struct ip6tc_handle *handle)
{
int found = 0;
@@ -1169,7 +1169,7 @@ void print_rule6(const struct ip6t_entry *e,
}
static int
-list_rules(const ip6t_chainlabel chain, int rulenum, int counters,
+list_rules(const xt_chainlabel chain, int rulenum, int counters,
struct ip6tc_handle *handle)
{
const char *this = NULL;
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 830ddbc..f5f47fa 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -678,7 +678,7 @@ print_firewall_line(const struct ipt_entry *fw,
}
static int
-append_entry(const ipt_chainlabel chain,
+append_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int nsaddrs,
const struct in_addr saddrs[],
@@ -708,7 +708,7 @@ append_entry(const ipt_chainlabel chain,
}
static int
-replace_entry(const ipt_chainlabel chain,
+replace_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int rulenum,
const struct in_addr *saddr, const struct in_addr *smask,
@@ -727,7 +727,7 @@ replace_entry(const ipt_chainlabel chain,
}
static int
-insert_entry(const ipt_chainlabel chain,
+insert_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int rulenum,
unsigned int nsaddrs,
@@ -792,7 +792,7 @@ make_delete_mask(const struct xtables_rule_match *matches,
}
static int
-delete_entry(const ipt_chainlabel chain,
+delete_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int nsaddrs,
const struct in_addr saddrs[],
@@ -827,7 +827,7 @@ delete_entry(const ipt_chainlabel chain,
}
static int
-check_entry(const ipt_chainlabel chain, struct ipt_entry *fw,
+check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
unsigned int nsaddrs, const struct in_addr *saddrs,
const struct in_addr *smasks, unsigned int ndaddrs,
const struct in_addr *daddrs, const struct in_addr *dmasks,
@@ -857,7 +857,7 @@ check_entry(const ipt_chainlabel chain, struct ipt_entry *fw,
}
int
-for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
+for_each_chain4(int (*fn)(const xt_chainlabel, int, struct iptc_handle *),
int verbose, int builtinstoo, struct iptc_handle *handle)
{
int ret = 1;
@@ -871,21 +871,21 @@ for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
chain = iptc_next_chain(handle);
}
- chains = xtables_malloc(sizeof(ipt_chainlabel) * chaincount);
+ chains = xtables_malloc(sizeof(xt_chainlabel) * chaincount);
i = 0;
chain = iptc_first_chain(handle);
while (chain) {
- strcpy(chains + i*sizeof(ipt_chainlabel), chain);
+ strcpy(chains + i*sizeof(xt_chainlabel), chain);
i++;
chain = iptc_next_chain(handle);
}
for (i = 0; i < chaincount; i++) {
if (!builtinstoo
- && iptc_builtin(chains + i*sizeof(ipt_chainlabel),
+ && iptc_builtin(chains + i*sizeof(xt_chainlabel),
handle) == 1)
continue;
- ret &= fn(chains + i*sizeof(ipt_chainlabel), verbose, handle);
+ ret &= fn(chains + i*sizeof(xt_chainlabel), verbose, handle);
}
free(chains);
@@ -893,7 +893,7 @@ for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
}
int
-flush_entries4(const ipt_chainlabel chain, int verbose,
+flush_entries4(const xt_chainlabel chain, int verbose,
struct iptc_handle *handle)
{
if (!chain)
@@ -905,7 +905,7 @@ flush_entries4(const ipt_chainlabel chain, int verbose,
}
static int
-zero_entries(const ipt_chainlabel chain, int verbose,
+zero_entries(const xt_chainlabel chain, int verbose,
struct iptc_handle *handle)
{
if (!chain)
@@ -917,7 +917,7 @@ zero_entries(const ipt_chainlabel chain, int verbose,
}
int
-delete_chain4(const ipt_chainlabel chain, int verbose,
+delete_chain4(const xt_chainlabel chain, int verbose,
struct iptc_handle *handle)
{
if (!chain)
@@ -929,7 +929,7 @@ delete_chain4(const ipt_chainlabel chain, int verbose,
}
static int
-list_entries(const ipt_chainlabel chain, int rulenum, int verbose, int numeric,
+list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
int expanded, int linenumbers, struct iptc_handle *handle)
{
int found = 0;
@@ -1177,7 +1177,7 @@ void print_rule4(const struct ipt_entry *e,
}
static int
-list_rules(const ipt_chainlabel chain, int rulenum, int counters,
+list_rules(const xt_chainlabel chain, int rulenum, int counters,
struct iptc_handle *handle)
{
const char *this = NULL;
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index 3b0c15a..b9e50c5 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -59,7 +59,7 @@ typedef unsigned int socklen_t;
#define ERROR_TARGET IPT_ERROR_TARGET
#define NUMHOOKS NF_IP_NUMHOOKS
-#define IPT_CHAINLABEL ipt_chainlabel
+#define IPT_CHAINLABEL xt_chainlabel
#define TC_DUMP_ENTRIES dump_entries
#define TC_IS_CHAIN iptc_is_chain
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 0f8a889..93366e2 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -57,7 +57,7 @@ typedef unsigned int socklen_t;
#define ERROR_TARGET IP6T_ERROR_TARGET
#define NUMHOOKS NF_IP6_NUMHOOKS
-#define IPT_CHAINLABEL ip6t_chainlabel
+#define IPT_CHAINLABEL xt_chainlabel
#define TC_DUMP_ENTRIES dump_entries6
#define TC_IS_CHAIN ip6tc_is_chain
--
1.7.3.4
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH 6/9] libiptc: combine common types: _handle
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
` (4 preceding siblings ...)
2011-09-11 15:35 ` [PATCH 5/9] libiptc: replace ipt_chainlabel by xt_chainlabel Jan Engelhardt
@ 2011-09-11 15:35 ` Jan Engelhardt
2011-09-11 15:35 ` [PATCH 7/9] src: resolve old macro names that are indirections Jan Engelhardt
` (2 subsequent siblings)
8 siblings, 0 replies; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
No real API/ABI change incurred, since the definition of the structs'
types is not visible anyhow.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/ip6tables.h | 10 +++---
include/iptables.h | 12 ++++----
include/libiptc/libip6tc.h | 61 +++++++++++++++++++--------------------
include/libiptc/libiptc.h | 61 +++++++++++++++++++--------------------
include/libiptc/xtcshared.h | 1 +
iptables/ip6tables-restore.c | 6 ++--
iptables/ip6tables-save.c | 2 +-
iptables/ip6tables-standalone.c | 2 +-
iptables/ip6tables.c | 34 +++++++++++-----------
iptables/iptables-restore.c | 6 ++--
iptables/iptables-save.c | 2 +-
iptables/iptables-standalone.c | 2 +-
iptables/iptables.c | 34 +++++++++++-----------
libiptc/libip4tc.c | 9 ++----
libiptc/libip6tc.c | 5 +--
libiptc/libiptc.c | 5 +--
16 files changed, 122 insertions(+), 130 deletions(-)
diff --git a/include/ip6tables.h b/include/ip6tables.h
index 1def393..37d2e0a 100644
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -8,12 +8,12 @@
/* Your shared library should call one of these. */
extern int do_command6(int argc, char *argv[], char **table,
- struct ip6tc_handle **handle);
+ struct xtc_handle **handle);
-extern int for_each_chain6(int (*fn)(const xt_chainlabel, int, struct ip6tc_handle *), int verbose, int builtinstoo, struct ip6tc_handle *handle);
-extern int flush_entries6(const xt_chainlabel chain, int verbose, struct ip6tc_handle *handle);
-extern int delete_chain6(const xt_chainlabel chain, int verbose, struct ip6tc_handle *handle);
-void print_rule6(const struct ip6t_entry *e, struct ip6tc_handle *h, const char *chain, int counters);
+extern int for_each_chain6(int (*fn)(const xt_chainlabel, int, struct xtc_handle *), int verbose, int builtinstoo, struct xtc_handle *handle);
+extern int flush_entries6(const xt_chainlabel chain, int verbose, struct xtc_handle *handle);
+extern int delete_chain6(const xt_chainlabel chain, int verbose, struct xtc_handle *handle);
+void print_rule6(const struct ip6t_entry *e, struct xtc_handle *h, const char *chain, int counters);
extern struct xtables_globals ip6tables_globals;
diff --git a/include/iptables.h b/include/iptables.h
index 6edd369..c42613c 100644
--- a/include/iptables.h
+++ b/include/iptables.h
@@ -8,15 +8,15 @@
/* Your shared library should call one of these. */
extern int do_command4(int argc, char *argv[], char **table,
- struct iptc_handle **handle);
+ struct xtc_handle **handle);
extern int delete_chain4(const xt_chainlabel chain, int verbose,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
extern int flush_entries4(const xt_chainlabel chain, int verbose,
- struct iptc_handle *handle);
-extern int for_each_chain4(int (*fn)(const xt_chainlabel, int, struct iptc_handle *),
- int verbose, int builtinstoo, struct iptc_handle *handle);
+ struct xtc_handle *handle);
+extern int for_each_chain4(int (*fn)(const xt_chainlabel, int, struct xtc_handle *),
+ int verbose, int builtinstoo, struct xtc_handle *handle);
extern void print_rule4(const struct ipt_entry *e,
- struct iptc_handle *handle, const char *chain, int counters);
+ struct xtc_handle *handle, const char *chain, int counters);
extern struct xtables_globals iptables_globals;
diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
index 6332073..f85dda7 100644
--- a/include/libiptc/libip6tc.h
+++ b/include/libiptc/libip6tc.h
@@ -12,8 +12,7 @@
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <libiptc/xtcshared.h>
-struct ip6tc_handle;
-
+#define ip6tc_handle xtc_handle
#define ip6t_chainlabel xt_chainlabel
#define IP6TC_LABEL_ACCEPT "ACCEPT"
@@ -22,37 +21,37 @@ struct ip6tc_handle;
#define IP6TC_LABEL_RETURN "RETURN"
/* Does this chain exist? */
-int ip6tc_is_chain(const char *chain, struct ip6tc_handle *const handle);
+int ip6tc_is_chain(const char *chain, struct xtc_handle *const handle);
/* Take a snapshot of the rules. Returns NULL on error. */
-struct ip6tc_handle *ip6tc_init(const char *tablename);
+struct xtc_handle *ip6tc_init(const char *tablename);
/* Cleanup after ip6tc_init(). */
-void ip6tc_free(struct ip6tc_handle *h);
+void ip6tc_free(struct xtc_handle *h);
/* Iterator functions to run through the chains. Returns NULL at end. */
-const char *ip6tc_first_chain(struct ip6tc_handle *handle);
-const char *ip6tc_next_chain(struct ip6tc_handle *handle);
+const char *ip6tc_first_chain(struct xtc_handle *handle);
+const char *ip6tc_next_chain(struct xtc_handle *handle);
/* Get first rule in the given chain: NULL for empty chain. */
const struct ip6t_entry *ip6tc_first_rule(const char *chain,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Returns NULL when rules run out. */
const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Returns a pointer to the target name of this position. */
const char *ip6tc_get_target(const struct ip6t_entry *e,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Is this a built-in chain? */
-int ip6tc_builtin(const char *chain, struct ip6tc_handle *const handle);
+int ip6tc_builtin(const char *chain, struct xtc_handle *const handle);
/* Get the policy of a given built-in chain */
const char *ip6tc_get_policy(const char *chain,
struct ip6t_counters *counters,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* These functions return TRUE for OK or 0 and set errno. If errno ==
0, it means there was a version error (ie. upgrade libiptc). */
@@ -62,92 +61,92 @@ const char *ip6tc_get_policy(const char *chain,
int ip6tc_insert_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Atomically replace rule `rulenum' in `chain' with `fw'. */
int ip6tc_replace_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Append entry `fw' to chain `chain'. Equivalent to insert with
rulenum = length of chain. */
int ip6tc_append_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Check whether a matching rule exists */
int ip6tc_check_entry(const xt_chainlabel chain,
const struct ip6t_entry *origfw,
unsigned char *matchmask,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Delete the first rule in `chain' which matches `fw'. */
int ip6tc_delete_entry(const xt_chainlabel chain,
const struct ip6t_entry *origfw,
unsigned char *matchmask,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Delete the rule in position `rulenum' in `chain'. */
int ip6tc_delete_num_entry(const xt_chainlabel chain,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Check the packet `fw' on chain `chain'. Returns the verdict, or
NULL and sets errno. */
const char *ip6tc_check_packet(const xt_chainlabel chain,
struct ip6t_entry *,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Flushes the entries in the given chain (ie. empties chain). */
int ip6tc_flush_entries(const xt_chainlabel chain,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Zeroes the counters in a chain. */
int ip6tc_zero_entries(const xt_chainlabel chain,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Creates a new chain. */
int ip6tc_create_chain(const xt_chainlabel chain,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Deletes a chain. */
int ip6tc_delete_chain(const xt_chainlabel chain,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Renames a chain. */
int ip6tc_rename_chain(const xt_chainlabel oldname,
const xt_chainlabel newname,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Sets the policy on a built-in chain. */
int ip6tc_set_policy(const xt_chainlabel chain,
const xt_chainlabel policy,
struct ip6t_counters *counters,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Get the number of references to this chain */
int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* read packet and byte counters for a specific rule */
struct ip6t_counters *ip6tc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* zero packet and byte counters for a specific rule */
int ip6tc_zero_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* set packet and byte counters for a specific rule */
int ip6tc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct ip6t_counters *counters,
- struct ip6tc_handle *handle);
+ struct xtc_handle *handle);
/* Makes the actual changes. */
-int ip6tc_commit(struct ip6tc_handle *handle);
+int ip6tc_commit(struct xtc_handle *handle);
/* Get raw socket. */
int ip6tc_get_raw_socket(void);
@@ -158,6 +157,6 @@ const char *ip6tc_strerror(int err);
/* Return prefix length, or -1 if not contiguous */
int ipv6_prefix_length(const struct in6_addr *a);
-extern void dump_entries6(struct ip6tc_handle *const);
+extern void dump_entries6(struct xtc_handle *const);
#endif /* _LIBIP6TC_H */
diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
index ded4d97..cf91725 100644
--- a/include/libiptc/libiptc.h
+++ b/include/libiptc/libiptc.h
@@ -16,8 +16,7 @@
extern "C" {
#endif
-struct iptc_handle;
-
+#define iptc_handle xtc_handle
#define ipt_chainlabel xt_chainlabel
#define IPTC_LABEL_ACCEPT "ACCEPT"
@@ -26,37 +25,37 @@ struct iptc_handle;
#define IPTC_LABEL_RETURN "RETURN"
/* Does this chain exist? */
-int iptc_is_chain(const char *chain, struct iptc_handle *const handle);
+int iptc_is_chain(const char *chain, struct xtc_handle *const handle);
/* Take a snapshot of the rules. Returns NULL on error. */
-struct iptc_handle *iptc_init(const char *tablename);
+struct xtc_handle *iptc_init(const char *tablename);
/* Cleanup after iptc_init(). */
-void iptc_free(struct iptc_handle *h);
+void iptc_free(struct xtc_handle *h);
/* Iterator functions to run through the chains. Returns NULL at end. */
-const char *iptc_first_chain(struct iptc_handle *handle);
-const char *iptc_next_chain(struct iptc_handle *handle);
+const char *iptc_first_chain(struct xtc_handle *handle);
+const char *iptc_next_chain(struct xtc_handle *handle);
/* Get first rule in the given chain: NULL for empty chain. */
const struct ipt_entry *iptc_first_rule(const char *chain,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Returns NULL when rules run out. */
const struct ipt_entry *iptc_next_rule(const struct ipt_entry *prev,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Returns a pointer to the target name of this entry. */
const char *iptc_get_target(const struct ipt_entry *e,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Is this a built-in chain? */
-int iptc_builtin(const char *chain, struct iptc_handle *const handle);
+int iptc_builtin(const char *chain, struct xtc_handle *const handle);
/* Get the policy of a given built-in chain */
const char *iptc_get_policy(const char *chain,
struct ipt_counters *counter,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* These functions return TRUE for OK or 0 and set errno. If errno ==
0, it means there was a version error (ie. upgrade libiptc). */
@@ -66,94 +65,94 @@ const char *iptc_get_policy(const char *chain,
int iptc_insert_entry(const xt_chainlabel chain,
const struct ipt_entry *e,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Atomically replace rule `rulenum' in `chain' with `e'. */
int iptc_replace_entry(const xt_chainlabel chain,
const struct ipt_entry *e,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Append entry `e' to chain `chain'. Equivalent to insert with
rulenum = length of chain. */
int iptc_append_entry(const xt_chainlabel chain,
const struct ipt_entry *e,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Check whether a mathching rule exists */
int iptc_check_entry(const xt_chainlabel chain,
const struct ipt_entry *origfw,
unsigned char *matchmask,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Delete the first rule in `chain' which matches `e', subject to
matchmask (array of length == origfw) */
int iptc_delete_entry(const xt_chainlabel chain,
const struct ipt_entry *origfw,
unsigned char *matchmask,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Delete the rule in position `rulenum' in `chain'. */
int iptc_delete_num_entry(const xt_chainlabel chain,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Check the packet `e' on chain `chain'. Returns the verdict, or
NULL and sets errno. */
const char *iptc_check_packet(const xt_chainlabel chain,
struct ipt_entry *entry,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Flushes the entries in the given chain (ie. empties chain). */
int iptc_flush_entries(const xt_chainlabel chain,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Zeroes the counters in a chain. */
int iptc_zero_entries(const xt_chainlabel chain,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Creates a new chain. */
int iptc_create_chain(const xt_chainlabel chain,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Deletes a chain. */
int iptc_delete_chain(const xt_chainlabel chain,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Renames a chain. */
int iptc_rename_chain(const xt_chainlabel oldname,
const xt_chainlabel newname,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Sets the policy on a built-in chain. */
int iptc_set_policy(const xt_chainlabel chain,
const xt_chainlabel policy,
struct ipt_counters *counters,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Get the number of references to this chain */
int iptc_get_references(unsigned int *ref,
const xt_chainlabel chain,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* read packet and byte counters for a specific rule */
struct ipt_counters *iptc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* zero packet and byte counters for a specific rule */
int iptc_zero_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* set packet and byte counters for a specific rule */
int iptc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct ipt_counters *counters,
- struct iptc_handle *handle);
+ struct xtc_handle *handle);
/* Makes the actual changes. */
-int iptc_commit(struct iptc_handle *handle);
+int iptc_commit(struct xtc_handle *handle);
/* Get raw socket. */
int iptc_get_raw_socket(void);
@@ -161,7 +160,7 @@ int iptc_get_raw_socket(void);
/* Translates errno numbers into more human-readable form than strerror. */
const char *iptc_strerror(int err);
-extern void dump_entries(struct iptc_handle *const);
+extern void dump_entries(struct xtc_handle *const);
#ifdef __cplusplus
}
diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h
index aaf87a4..89a5151 100644
--- a/include/libiptc/xtcshared.h
+++ b/include/libiptc/xtcshared.h
@@ -2,5 +2,6 @@
#define _LIBXTC_SHARED_H 1
typedef char xt_chainlabel[32];
+struct xtc_handle;
#endif /* _LIBXTC_SHARED_H */
diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index 1487504..c5afe31 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -56,9 +56,9 @@ static void print_usage(const char *name, const char *version)
exit(1);
}
-static struct ip6tc_handle *create_handle(const char *tablename)
+static struct xtc_handle *create_handle(const char *tablename)
{
- struct ip6tc_handle *handle;
+ struct xtc_handle *handle;
handle = ip6tc_init(tablename);
@@ -116,7 +116,7 @@ static void free_argv(void) {
int ip6tables_restore_main(int argc, char *argv[])
{
- struct ip6tc_handle *handle = NULL;
+ struct xtc_handle *handle = NULL;
char buffer[10240];
int c;
char curtable[IP6T_TABLE_MAXNAMELEN + 1];
diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
index 38b0c2f..fbfce78 100644
--- a/iptables/ip6tables-save.c
+++ b/iptables/ip6tables-save.c
@@ -60,7 +60,7 @@ static int for_each_table(int (*func)(const char *tablename))
static int do_output(const char *tablename)
{
- struct ip6tc_handle *h;
+ struct xtc_handle *h;
const char *chain = NULL;
if (!tablename)
diff --git a/iptables/ip6tables-standalone.c b/iptables/ip6tables-standalone.c
index 6b82935..21b5811 100644
--- a/iptables/ip6tables-standalone.c
+++ b/iptables/ip6tables-standalone.c
@@ -42,7 +42,7 @@ ip6tables_main(int argc, char *argv[])
{
int ret;
char *table = "filter";
- struct ip6tc_handle *handle = NULL;
+ struct xtc_handle *handle = NULL;
ip6tables_globals.program_name = "ip6tables";
ret = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6);
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index c5d2a0b..7b12205 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -469,7 +469,7 @@ print_num(uint64_t number, unsigned int format)
static void
-print_header(unsigned int format, const char *chain, struct ip6tc_handle *handle)
+print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
struct ip6t_counters counters;
const char *pol = ip6tc_get_policy(chain, &counters, handle);
@@ -545,7 +545,7 @@ print_firewall(const struct ip6t_entry *fw,
const char *targname,
unsigned int num,
unsigned int format,
- struct ip6tc_handle *const handle)
+ struct xtc_handle *const handle)
{
const struct xtables_target *target = NULL;
const struct ip6t_entry_target *t;
@@ -667,7 +667,7 @@ print_firewall(const struct ip6t_entry *fw,
static void
print_firewall_line(const struct ip6t_entry *fw,
- struct ip6tc_handle *const h)
+ struct xtc_handle *const h)
{
struct ip6t_entry_target *t;
@@ -685,7 +685,7 @@ append_entry(const xt_chainlabel chain,
const struct in6_addr daddrs[],
const struct in6_addr dmasks[],
int verbose,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -712,7 +712,7 @@ replace_entry(const xt_chainlabel chain,
const struct in6_addr *saddr, const struct in6_addr *smask,
const struct in6_addr *daddr, const struct in6_addr *dmask,
int verbose,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
fw->ipv6.src = *saddr;
fw->ipv6.dst = *daddr;
@@ -735,7 +735,7 @@ insert_entry(const xt_chainlabel chain,
const struct in6_addr daddrs[],
const struct in6_addr dmasks[],
int verbose,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -799,7 +799,7 @@ delete_entry(const xt_chainlabel chain,
const struct in6_addr daddrs[],
const struct in6_addr dmasks[],
int verbose,
- struct ip6tc_handle *handle,
+ struct xtc_handle *handle,
struct xtables_rule_match *matches,
const struct xtables_target *target)
{
@@ -829,7 +829,7 @@ check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
unsigned int nsaddrs, const struct in6_addr *saddrs,
const struct in6_addr *smasks, unsigned int ndaddrs,
const struct in6_addr *daddrs, const struct in6_addr *dmasks,
- bool verbose, struct ip6tc_handle *handle,
+ bool verbose, struct xtc_handle *handle,
struct xtables_rule_match *matches,
const struct xtables_target *target)
{
@@ -855,8 +855,8 @@ check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
}
int
-for_each_chain6(int (*fn)(const xt_chainlabel, int, struct ip6tc_handle *),
- int verbose, int builtinstoo, struct ip6tc_handle *handle)
+for_each_chain6(int (*fn)(const xt_chainlabel, int, struct xtc_handle *),
+ int verbose, int builtinstoo, struct xtc_handle *handle)
{
int ret = 1;
const char *chain;
@@ -892,7 +892,7 @@ for_each_chain6(int (*fn)(const xt_chainlabel, int, struct ip6tc_handle *),
int
flush_entries6(const xt_chainlabel chain, int verbose,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
if (!chain)
return for_each_chain6(flush_entries6, verbose, 1, handle);
@@ -904,7 +904,7 @@ flush_entries6(const xt_chainlabel chain, int verbose,
static int
zero_entries(const xt_chainlabel chain, int verbose,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
if (!chain)
return for_each_chain6(zero_entries, verbose, 1, handle);
@@ -916,7 +916,7 @@ zero_entries(const xt_chainlabel chain, int verbose,
int
delete_chain6(const xt_chainlabel chain, int verbose,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
if (!chain)
return for_each_chain6(delete_chain6, verbose, 0, handle);
@@ -928,7 +928,7 @@ delete_chain6(const xt_chainlabel chain, int verbose,
static int
list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
- int expanded, int linenumbers, struct ip6tc_handle *handle)
+ int expanded, int linenumbers, struct xtc_handle *handle)
{
int found = 0;
unsigned int format;
@@ -1080,7 +1080,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
/* We want this to be readable, so only print out neccessary fields.
* Because that's the kind of world I want to live in. */
void print_rule6(const struct ip6t_entry *e,
- struct ip6tc_handle *h, const char *chain, int counters)
+ struct xtc_handle *h, const char *chain, int counters)
{
const struct ip6t_entry_target *t;
const char *target_name;
@@ -1170,7 +1170,7 @@ void print_rule6(const struct ip6t_entry *e,
static int
list_rules(const xt_chainlabel chain, int rulenum, int counters,
- struct ip6tc_handle *handle)
+ struct xtc_handle *handle)
{
const char *this = NULL;
int found = 0;
@@ -1328,7 +1328,7 @@ static void command_match(struct iptables_command_state *cs)
m->extra_opts, &m->option_offset);
}
-int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **handle)
+int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle)
{
struct iptables_command_state cs;
struct ip6t_entry *e = NULL;
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index d0bd79a..7152d75 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -56,9 +56,9 @@ static void print_usage(const char *name, const char *version)
exit(1);
}
-static struct iptc_handle *create_handle(const char *tablename)
+static struct xtc_handle *create_handle(const char *tablename)
{
- struct iptc_handle *handle;
+ struct xtc_handle *handle;
handle = iptc_init(tablename);
@@ -116,7 +116,7 @@ static void free_argv(void) {
int
iptables_restore_main(int argc, char *argv[])
{
- struct iptc_handle *handle = NULL;
+ struct xtc_handle *handle = NULL;
char buffer[10240];
int c;
char curtable[IPT_TABLE_MAXNAMELEN + 1];
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index a25a186..ff42f88 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -58,7 +58,7 @@ static int for_each_table(int (*func)(const char *tablename))
static int do_output(const char *tablename)
{
- struct iptc_handle *h;
+ struct xtc_handle *h;
const char *chain = NULL;
if (!tablename)
diff --git a/iptables/iptables-standalone.c b/iptables/iptables-standalone.c
index 1ebec33..683a44a 100644
--- a/iptables/iptables-standalone.c
+++ b/iptables/iptables-standalone.c
@@ -43,7 +43,7 @@ iptables_main(int argc, char *argv[])
{
int ret;
char *table = "filter";
- struct iptc_handle *handle = NULL;
+ struct xtc_handle *handle = NULL;
iptables_globals.program_name = "iptables";
ret = xtables_init_all(&iptables_globals, NFPROTO_IPV4);
diff --git a/iptables/iptables.c b/iptables/iptables.c
index f5f47fa..d4a7ca1 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -471,7 +471,7 @@ print_num(uint64_t number, unsigned int format)
static void
-print_header(unsigned int format, const char *chain, struct iptc_handle *handle)
+print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
struct ipt_counters counters;
const char *pol = iptc_get_policy(chain, &counters, handle);
@@ -547,7 +547,7 @@ print_firewall(const struct ipt_entry *fw,
const char *targname,
unsigned int num,
unsigned int format,
- struct iptc_handle *const handle)
+ struct xtc_handle *const handle)
{
const struct xtables_target *target = NULL;
const struct ipt_entry_target *t;
@@ -669,7 +669,7 @@ print_firewall(const struct ipt_entry *fw,
static void
print_firewall_line(const struct ipt_entry *fw,
- struct iptc_handle *const h)
+ struct xtc_handle *const h)
{
struct ipt_entry_target *t;
@@ -687,7 +687,7 @@ append_entry(const xt_chainlabel chain,
const struct in_addr daddrs[],
const struct in_addr dmasks[],
int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -714,7 +714,7 @@ replace_entry(const xt_chainlabel chain,
const struct in_addr *saddr, const struct in_addr *smask,
const struct in_addr *daddr, const struct in_addr *dmask,
int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
fw->ip.src.s_addr = saddr->s_addr;
fw->ip.dst.s_addr = daddr->s_addr;
@@ -737,7 +737,7 @@ insert_entry(const xt_chainlabel chain,
const struct in_addr daddrs[],
const struct in_addr dmasks[],
int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -801,7 +801,7 @@ delete_entry(const xt_chainlabel chain,
const struct in_addr daddrs[],
const struct in_addr dmasks[],
int verbose,
- struct iptc_handle *handle,
+ struct xtc_handle *handle,
struct xtables_rule_match *matches,
const struct xtables_target *target)
{
@@ -831,7 +831,7 @@ check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
unsigned int nsaddrs, const struct in_addr *saddrs,
const struct in_addr *smasks, unsigned int ndaddrs,
const struct in_addr *daddrs, const struct in_addr *dmasks,
- bool verbose, struct iptc_handle *handle,
+ bool verbose, struct xtc_handle *handle,
struct xtables_rule_match *matches,
const struct xtables_target *target)
{
@@ -857,8 +857,8 @@ check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
}
int
-for_each_chain4(int (*fn)(const xt_chainlabel, int, struct iptc_handle *),
- int verbose, int builtinstoo, struct iptc_handle *handle)
+for_each_chain4(int (*fn)(const xt_chainlabel, int, struct xtc_handle *),
+ int verbose, int builtinstoo, struct xtc_handle *handle)
{
int ret = 1;
const char *chain;
@@ -894,7 +894,7 @@ for_each_chain4(int (*fn)(const xt_chainlabel, int, struct iptc_handle *),
int
flush_entries4(const xt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
if (!chain)
return for_each_chain4(flush_entries4, verbose, 1, handle);
@@ -906,7 +906,7 @@ flush_entries4(const xt_chainlabel chain, int verbose,
static int
zero_entries(const xt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
if (!chain)
return for_each_chain4(zero_entries, verbose, 1, handle);
@@ -918,7 +918,7 @@ zero_entries(const xt_chainlabel chain, int verbose,
int
delete_chain4(const xt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
if (!chain)
return for_each_chain4(delete_chain4, verbose, 0, handle);
@@ -930,7 +930,7 @@ delete_chain4(const xt_chainlabel chain, int verbose,
static int
list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
- int expanded, int linenumbers, struct iptc_handle *handle)
+ int expanded, int linenumbers, struct xtc_handle *handle)
{
int found = 0;
unsigned int format;
@@ -1097,7 +1097,7 @@ static void print_ip(const char *prefix, uint32_t ip,
/* We want this to be readable, so only print out neccessary fields.
* Because that's the kind of world I want to live in. */
void print_rule4(const struct ipt_entry *e,
- struct iptc_handle *h, const char *chain, int counters)
+ struct xtc_handle *h, const char *chain, int counters)
{
const struct ipt_entry_target *t;
const char *target_name;
@@ -1178,7 +1178,7 @@ void print_rule4(const struct ipt_entry *e,
static int
list_rules(const xt_chainlabel chain, int rulenum, int counters,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
const char *this = NULL;
int found = 0;
@@ -1340,7 +1340,7 @@ static void command_match(struct iptables_command_state *cs)
xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
-int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handle)
+int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle)
{
struct iptables_command_state cs;
struct ipt_entry *e = NULL;
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index b9e50c5..cf29238 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -47,9 +47,6 @@ typedef unsigned int socklen_t;
#define STRUCT_STANDARD_TARGET struct ipt_standard_target
#define STRUCT_REPLACE struct ipt_replace
-#define STRUCT_TC_HANDLE struct iptc_handle
-#define xtc_handle iptc_handle
-
#define ENTRY_ITERATE IPT_ENTRY_ITERATE
#define TABLE_MAXNAMELEN IPT_TABLE_MAXNAMELEN
#define FUNCTION_MAXNAMELEN IPT_FUNCTION_MAXNAMELEN
@@ -123,7 +120,7 @@ typedef unsigned int socklen_t;
#define IP_PARTS(n) IP_PARTS_NATIVE(ntohl(n))
static int
-dump_entry(struct ipt_entry *e, struct iptc_handle *const handle)
+dump_entry(struct ipt_entry *e, struct xtc_handle *const handle)
{
size_t i;
STRUCT_ENTRY_TARGET *t;
@@ -238,7 +235,7 @@ check_match(const STRUCT_ENTRY_MATCH *m, unsigned int *off)
static inline int
check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
unsigned int user_offset, int *was_return,
- struct iptc_handle *h)
+ struct xtc_handle *h)
{
unsigned int toff;
STRUCT_STANDARD_TARGET *t;
@@ -314,7 +311,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
#ifdef IPTC_DEBUG
/* Do every conceivable sanity check on the handle */
static void
-do_check(struct iptc_handle *h, unsigned int line)
+do_check(struct xtc_handle *h, unsigned int line)
{
unsigned int i, n;
unsigned int user_offset; /* Offset of first user chain */
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 93366e2..636466f 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -45,9 +45,6 @@ typedef unsigned int socklen_t;
#define STRUCT_STANDARD_TARGET struct ip6t_standard_target
#define STRUCT_REPLACE struct ip6t_replace
-#define STRUCT_TC_HANDLE struct ip6tc_handle
-#define xtc_handle ip6tc_handle
-
#define ENTRY_ITERATE IP6T_ENTRY_ITERATE
#define TABLE_MAXNAMELEN IP6T_TABLE_MAXNAMELEN
#define FUNCTION_MAXNAMELEN IP6T_FUNCTION_MAXNAMELEN
@@ -131,7 +128,7 @@ ipv6_prefix_length(const struct in6_addr *a)
}
static int
-dump_entry(struct ip6t_entry *e, struct ip6tc_handle *const handle)
+dump_entry(struct ip6t_entry *e, struct xtc_handle *const handle)
{
size_t i;
char buf[40];
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 0a29a69..593c5de 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -121,8 +121,7 @@ struct chain_head
unsigned int foot_offset; /* offset in rule blob */
};
-STRUCT_TC_HANDLE
-{
+struct xtc_handle {
int sockfd;
int changed; /* Have changes been made? */
@@ -1270,7 +1269,7 @@ alloc_handle(const char *tablename, unsigned int size, unsigned int num_rules)
{
struct xtc_handle *h;
- h = malloc(sizeof(STRUCT_TC_HANDLE));
+ h = malloc(sizeof(*h));
if (!h) {
errno = ENOMEM;
return NULL;
--
1.7.3.4
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH 7/9] src: resolve old macro names that are indirections
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
` (5 preceding siblings ...)
2011-09-11 15:35 ` [PATCH 6/9] libiptc: combine common types: _handle Jan Engelhardt
@ 2011-09-11 15:35 ` Jan Engelhardt
2011-09-11 15:35 ` [PATCH 8/9] libiptc: use a family-invariant xtc_ops struct for code reduction Jan Engelhardt
2011-09-11 15:35 ` [PATCH 9/9] ip6tables-restore: make code look alike with iptables-restore Jan Engelhardt
8 siblings, 0 replies; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
Command used:
git grep -f <(pcregrep -hior
'(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/)
and then fix all occurrences.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libipt_realm.c | 10 ++++----
include/libiptc/libip6tc.h | 8 +++---
include/libiptc/libiptc.h | 8 +++---
iptables/ip6tables-restore.c | 13 +++++------
iptables/ip6tables-save.c | 4 +-
iptables/ip6tables.c | 50 +++++++++++++++++++++---------------------
iptables/iptables-restore.c | 13 +++++------
iptables/iptables-save.c | 4 +-
iptables/iptables-xml.c | 36 +++++++++++++++---------------
iptables/iptables.c | 48 ++++++++++++++++++++--------------------
iptables/xshared.c | 2 +-
libiptc/libip4tc.c | 32 +++++++++++++-------------
libiptc/libip6tc.c | 30 ++++++++++++------------
13 files changed, 128 insertions(+), 130 deletions(-)
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index b60c57e..a8d9dda 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -41,7 +41,7 @@ static void realm_init(struct xt_entry_match *m)
static void realm_parse(struct xt_option_call *cb)
{
- struct ipt_realm_info *realminfo = cb->data;
+ struct xt_realm_info *realminfo = cb->data;
int id;
char *end;
@@ -87,7 +87,7 @@ print_realm(unsigned long id, unsigned long mask, int numeric)
static void realm_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
- const struct ipt_realm_info *ri = (const void *)match->data;
+ const struct xt_realm_info *ri = (const void *)match->data;
if (ri->invert)
printf(" !");
@@ -98,7 +98,7 @@ static void realm_print(const void *ip, const struct xt_entry_match *match,
static void realm_save(const void *ip, const struct xt_entry_match *match)
{
- const struct ipt_realm_info *ri = (const void *)match->data;
+ const struct xt_realm_info *ri = (const void *)match->data;
if (ri->invert)
printf(" !");
@@ -111,8 +111,8 @@ static struct xtables_match realm_mt_reg = {
.name = "realm",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_realm_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_realm_info)),
+ .size = XT_ALIGN(sizeof(struct xt_realm_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_realm_info)),
.help = realm_help,
.init = realm_init,
.print = realm_print,
diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
index f85dda7..61c1e7f 100644
--- a/include/libiptc/libip6tc.h
+++ b/include/libiptc/libip6tc.h
@@ -50,7 +50,7 @@ int ip6tc_builtin(const char *chain, struct xtc_handle *const handle);
/* Get the policy of a given built-in chain */
const char *ip6tc_get_policy(const char *chain,
- struct ip6t_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* These functions return TRUE for OK or 0 and set errno. If errno ==
@@ -122,7 +122,7 @@ int ip6tc_rename_chain(const xt_chainlabel oldname,
/* Sets the policy on a built-in chain. */
int ip6tc_set_policy(const xt_chainlabel chain,
const xt_chainlabel policy,
- struct ip6t_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* Get the number of references to this chain */
@@ -130,7 +130,7 @@ int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
struct xtc_handle *handle);
/* read packet and byte counters for a specific rule */
-struct ip6t_counters *ip6tc_read_counter(const xt_chainlabel chain,
+struct xt_counters *ip6tc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct xtc_handle *handle);
@@ -142,7 +142,7 @@ int ip6tc_zero_counter(const xt_chainlabel chain,
/* set packet and byte counters for a specific rule */
int ip6tc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ip6t_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* Makes the actual changes. */
diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
index cf91725..6f64f5a 100644
--- a/include/libiptc/libiptc.h
+++ b/include/libiptc/libiptc.h
@@ -54,7 +54,7 @@ int iptc_builtin(const char *chain, struct xtc_handle *const handle);
/* Get the policy of a given built-in chain */
const char *iptc_get_policy(const char *chain,
- struct ipt_counters *counter,
+ struct xt_counters *counter,
struct xtc_handle *handle);
/* These functions return TRUE for OK or 0 and set errno. If errno ==
@@ -127,7 +127,7 @@ int iptc_rename_chain(const xt_chainlabel oldname,
/* Sets the policy on a built-in chain. */
int iptc_set_policy(const xt_chainlabel chain,
const xt_chainlabel policy,
- struct ipt_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* Get the number of references to this chain */
@@ -136,7 +136,7 @@ int iptc_get_references(unsigned int *ref,
struct xtc_handle *handle);
/* read packet and byte counters for a specific rule */
-struct ipt_counters *iptc_read_counter(const xt_chainlabel chain,
+struct xt_counters *iptc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct xtc_handle *handle);
@@ -148,7 +148,7 @@ int iptc_zero_counter(const xt_chainlabel chain,
/* set packet and byte counters for a specific rule */
int iptc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ipt_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* Makes the actual changes. */
diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index c5afe31..073e42b 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -77,7 +77,7 @@ static struct xtc_handle *create_handle(const char *tablename)
return handle;
}
-static int parse_counters(char *string, struct ip6t_counters *ctr)
+static int parse_counters(char *string, struct xt_counters *ctr)
{
unsigned long long pcnt, bcnt;
int ret;
@@ -119,7 +119,7 @@ int ip6tables_restore_main(int argc, char *argv[])
struct xtc_handle *handle = NULL;
char buffer[10240];
int c;
- char curtable[IP6T_TABLE_MAXNAMELEN + 1];
+ char curtable[XT_TABLE_MAXNAMELEN + 1];
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
@@ -218,8 +218,8 @@ int ip6tables_restore_main(int argc, char *argv[])
line);
exit(1);
}
- strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
- curtable[IP6T_TABLE_MAXNAMELEN] = '\0';
+ strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
+ curtable[XT_TABLE_MAXNAMELEN] = '\0';
if (tablename != NULL && strcmp(tablename, table) != 0)
continue;
@@ -291,7 +291,7 @@ int ip6tables_restore_main(int argc, char *argv[])
}
if (strcmp(policy, "-") != 0) {
- struct ip6t_counters count;
+ struct xt_counters count;
if (counters) {
char *ctrs;
@@ -303,8 +303,7 @@ int ip6tables_restore_main(int argc, char *argv[])
"for chain '%s'\n", chain);
} else {
- memset(&count, 0,
- sizeof(struct ip6t_counters));
+ memset(&count, 0, sizeof(count));
}
DEBUGP("Setting policy of chain %s to %s\n",
diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
index fbfce78..d819b30 100644
--- a/iptables/ip6tables-save.c
+++ b/iptables/ip6tables-save.c
@@ -38,7 +38,7 @@ static int for_each_table(int (*func)(const char *tablename))
{
int ret = 1;
FILE *procfile = NULL;
- char tablename[IP6T_TABLE_MAXNAMELEN+1];
+ char tablename[XT_TABLE_MAXNAMELEN+1];
procfile = fopen("/proc/net/ip6_tables_names", "re");
if (!procfile)
@@ -89,7 +89,7 @@ static int do_output(const char *tablename)
printf(":%s ", chain);
if (ip6tc_builtin(chain, h)) {
- struct ip6t_counters count;
+ struct xt_counters count;
printf("%s ",
ip6tc_get_policy(chain, &count, h));
printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 7b12205..b191d5d 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -172,7 +172,7 @@ static const unsigned int inverse_for_options[NUMBER_OF_OPT] =
/* -n */ 0,
/* -s */ IP6T_INV_SRCIP,
/* -d */ IP6T_INV_DSTIP,
-/* -p */ IP6T_INV_PROTO,
+/* -p */ XT_INV_PROTO,
/* -j */ 0,
/* -v */ 0,
/* -x */ 0,
@@ -471,7 +471,7 @@ print_num(uint64_t number, unsigned int format)
static void
print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
- struct ip6t_counters counters;
+ struct xt_counters counters;
const char *pol = ip6tc_get_policy(chain, &counters, handle);
printf("Chain %s", chain);
if (pol) {
@@ -519,7 +519,7 @@ print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
static int
-print_match(const struct ip6t_entry_match *m,
+print_match(const struct xt_entry_match *m,
const struct ip6t_ip6 *ip,
int numeric)
{
@@ -548,13 +548,13 @@ print_firewall(const struct ip6t_entry *fw,
struct xtc_handle *const handle)
{
const struct xtables_target *target = NULL;
- const struct ip6t_entry_target *t;
+ const struct xt_entry_target *t;
char buf[BUFSIZ];
if (!ip6tc_is_chain(targname, handle))
target = xtables_find_target(targname, XTF_TRY_LOAD);
else
- target = xtables_find_target(IP6T_STANDARD_TARGET,
+ target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
t = ip6t_get_target((struct ip6t_entry *)fw);
@@ -570,7 +570,7 @@ print_firewall(const struct ip6t_entry *fw,
if (!(format & FMT_NOTARGET))
printf(FMT("%-9s ", "%s "), targname);
- fputc(fw->ipv6.invflags & IP6T_INV_PROTO ? '!' : ' ', stdout);
+ fputc(fw->ipv6.invflags & XT_INV_PROTO ? '!' : ' ', stdout);
{
const char *pname = proto_to_name(fw->ipv6.proto, format&FMT_NUMERIC);
if (pname)
@@ -669,7 +669,7 @@ static void
print_firewall_line(const struct ip6t_entry *fw,
struct xtc_handle *const h)
{
- struct ip6t_entry_target *t;
+ struct xt_entry_target *t;
t = ip6t_get_target((struct ip6t_entry *)fw);
print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);
@@ -766,10 +766,10 @@ make_delete_mask(const struct xtables_rule_match *matches,
size = sizeof(struct ip6t_entry);
for (matchp = matches; matchp; matchp = matchp->next)
- size += XT_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size;
+ size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
mask = xtables_calloc(1, size
- + XT_ALIGN(sizeof(struct ip6t_entry_target))
+ + XT_ALIGN(sizeof(struct xt_entry_target))
+ target->size);
memset(mask, 0xFF, sizeof(struct ip6t_entry));
@@ -777,13 +777,13 @@ make_delete_mask(const struct xtables_rule_match *matches,
for (matchp = matches; matchp; matchp = matchp->next) {
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ip6t_entry_match))
+ XT_ALIGN(sizeof(struct xt_entry_match))
+ matchp->match->userspacesize);
- mptr += XT_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size;
+ mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
}
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ip6t_entry_target))
+ XT_ALIGN(sizeof(struct xt_entry_target))
+ target->userspacesize);
return mask;
@@ -1033,7 +1033,7 @@ static void print_proto(uint16_t proto, int invert)
}
}
-static int print_match_save(const struct ip6t_entry_match *e,
+static int print_match_save(const struct xt_entry_match *e,
const struct ip6t_ip6 *ip)
{
const struct xtables_match *match =
@@ -1082,7 +1082,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
void print_rule6(const struct ip6t_entry *e,
struct xtc_handle *h, const char *chain, int counters)
{
- const struct ip6t_entry_target *t;
+ const struct xt_entry_target *t;
const char *target_name;
/* print counters for iptables-save */
@@ -1105,7 +1105,7 @@ void print_rule6(const struct ip6t_entry *e,
print_iface('o', e->ipv6.outiface, e->ipv6.outiface_mask,
e->ipv6.invflags & IP6T_INV_VIA_OUT);
- print_proto(e->ipv6.proto, e->ipv6.invflags & IP6T_INV_PROTO);
+ print_proto(e->ipv6.proto, e->ipv6.invflags & XT_INV_PROTO);
#if 0
/* not definied in ipv6
@@ -1153,11 +1153,11 @@ void print_rule6(const struct ip6t_entry *e,
if (target->save)
target->save(&e->ipv6, t);
else {
- /* If the target size is greater than ip6t_entry_target
+ /* If the target size is greater than xt_entry_target
* there is something to be saved, we just don't know
* how to print it */
if (t->u.target_size !=
- sizeof(struct ip6t_entry_target)) {
+ sizeof(struct xt_entry_target)) {
fprintf(stderr, "Target `%s' is missing "
"save function\n",
t->u.user.name);
@@ -1187,7 +1187,7 @@ list_rules(const xt_chainlabel chain, int rulenum, int counters,
continue;
if (ip6tc_builtin(this, handle)) {
- struct ip6t_counters count;
+ struct xt_counters count;
printf("-P %s %s", this, ip6tc_get_policy(this, &count, handle));
if (counters)
printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
@@ -1224,7 +1224,7 @@ list_rules(const xt_chainlabel chain, int rulenum, int counters,
static struct ip6t_entry *
generate_entry(const struct ip6t_entry *fw,
struct xtables_rule_match *matches,
- struct ip6t_entry_target *target)
+ struct xt_entry_target *target)
{
unsigned int size;
struct xtables_rule_match *matchp;
@@ -1282,7 +1282,7 @@ static void command_jump(struct iptables_command_state *cs)
if (cs->target == NULL)
return;
- size = XT_ALIGN(sizeof(struct ip6t_entry_target)) + cs->target->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_target)) + cs->target->size;
cs->target->t = xtables_calloc(1, size);
cs->target->t->u.target_size = size;
@@ -1311,7 +1311,7 @@ static void command_match(struct iptables_command_state *cs)
"unexpected ! flag before --match");
m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches);
- size = XT_ALIGN(sizeof(struct ip6t_entry_match)) + m->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
strcpy(m->m->u.user.name, m->name);
@@ -1548,12 +1548,12 @@ int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle
cs.fw6.ipv6.flags |= IP6T_F_PROTO;
if (cs.fw6.ipv6.proto == 0
- && (cs.fw6.ipv6.invflags & IP6T_INV_PROTO))
+ && (cs.fw6.ipv6.invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
if (is_exthdr(cs.fw6.ipv6.proto)
- && (cs.fw6.ipv6.invflags & IP6T_INV_PROTO) == 0)
+ && (cs.fw6.ipv6.invflags & XT_INV_PROTO) == 0)
fprintf(stderr,
"Warning: never matched protocol: %s. "
"use extension match instead.\n",
@@ -1824,10 +1824,10 @@ int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle
|| ip6tc_is_chain(cs.jumpto, *handle))) {
size_t size;
- cs.target = xtables_find_target(IP6T_STANDARD_TARGET,
+ cs.target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
- size = sizeof(struct ip6t_entry_target)
+ size = sizeof(struct xt_entry_target)
+ cs.target->size;
cs.target->t = xtables_calloc(1, size);
cs.target->t->u.target_size = size;
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index 7152d75..001da73 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -76,7 +76,7 @@ static struct xtc_handle *create_handle(const char *tablename)
return handle;
}
-static int parse_counters(char *string, struct ipt_counters *ctr)
+static int parse_counters(char *string, struct xt_counters *ctr)
{
unsigned long long pcnt, bcnt;
int ret;
@@ -119,7 +119,7 @@ iptables_restore_main(int argc, char *argv[])
struct xtc_handle *handle = NULL;
char buffer[10240];
int c;
- char curtable[IPT_TABLE_MAXNAMELEN + 1];
+ char curtable[XT_TABLE_MAXNAMELEN + 1];
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
@@ -217,8 +217,8 @@ iptables_restore_main(int argc, char *argv[])
prog_name, line);
exit(1);
}
- strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
- curtable[IPT_TABLE_MAXNAMELEN] = '\0';
+ strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
+ curtable[XT_TABLE_MAXNAMELEN] = '\0';
if (tablename && (strcmp(tablename, table) != 0))
continue;
@@ -288,7 +288,7 @@ iptables_restore_main(int argc, char *argv[])
}
if (strcmp(policy, "-") != 0) {
- struct ipt_counters count;
+ struct xt_counters count;
if (counters) {
char *ctrs;
@@ -300,8 +300,7 @@ iptables_restore_main(int argc, char *argv[])
"for chain '%s'\n", chain);
} else {
- memset(&count, 0,
- sizeof(struct ipt_counters));
+ memset(&count, 0, sizeof(count));
}
DEBUGP("Setting policy of chain %s to %s\n",
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index ff42f88..e599fce 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -36,7 +36,7 @@ static int for_each_table(int (*func)(const char *tablename))
{
int ret = 1;
FILE *procfile = NULL;
- char tablename[IPT_TABLE_MAXNAMELEN+1];
+ char tablename[XT_TABLE_MAXNAMELEN+1];
procfile = fopen("/proc/net/ip_tables_names", "re");
if (!procfile)
@@ -87,7 +87,7 @@ static int do_output(const char *tablename)
printf(":%s ", chain);
if (iptc_builtin(chain, h)) {
- struct ipt_counters count;
+ struct xt_counters count;
printf("%s ",
iptc_get_policy(chain, &count, h));
printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c
index 4ecddcb..4b12bd4 100644
--- a/iptables/iptables-xml.c
+++ b/iptables/iptables-xml.c
@@ -56,7 +56,7 @@ print_usage(const char *name, const char *version)
}
static int
-parse_counters(char *string, struct ipt_counters *ctr)
+parse_counters(char *string, struct xt_counters *ctr)
{
__u64 *pcnt, *bcnt;
@@ -81,16 +81,16 @@ static unsigned int oldargc = 0;
/* arg meta data, were they quoted, frinstance */
static int newargvattr[255];
-#define IPT_CHAIN_MAXNAMELEN IPT_TABLE_MAXNAMELEN
-static char closeActionTag[IPT_TABLE_MAXNAMELEN + 1];
-static char closeRuleTag[IPT_TABLE_MAXNAMELEN + 1];
-static char curTable[IPT_TABLE_MAXNAMELEN + 1];
-static char curChain[IPT_CHAIN_MAXNAMELEN + 1];
+#define XT_CHAIN_MAXNAMELEN XT_TABLE_MAXNAMELEN
+static char closeActionTag[XT_TABLE_MAXNAMELEN + 1];
+static char closeRuleTag[XT_TABLE_MAXNAMELEN + 1];
+static char curTable[XT_TABLE_MAXNAMELEN + 1];
+static char curChain[XT_CHAIN_MAXNAMELEN + 1];
struct chain {
char *chain;
char *policy;
- struct ipt_counters count;
+ struct xt_counters count;
int created;
};
@@ -233,12 +233,12 @@ closeChain(void)
}
static void
-openChain(char *chain, char *policy, struct ipt_counters *ctr, char close)
+openChain(char *chain, char *policy, struct xt_counters *ctr, char close)
{
closeChain();
- strncpy(curChain, chain, IPT_CHAIN_MAXNAMELEN);
- curChain[IPT_CHAIN_MAXNAMELEN] = '\0';
+ strncpy(curChain, chain, XT_CHAIN_MAXNAMELEN);
+ curChain[XT_CHAIN_MAXNAMELEN] = '\0';
printf(" <chain ");
xmlAttrS("name", curChain);
@@ -287,7 +287,7 @@ needChain(char *chain)
}
static void
-saveChain(char *chain, char *policy, struct ipt_counters *ctr)
+saveChain(char *chain, char *policy, struct xt_counters *ctr)
{
if (nextChain >= maxChains) {
xtables_error(PARAMETER_PROBLEM,
@@ -332,8 +332,8 @@ openTable(char *table)
{
closeTable();
- strncpy(curTable, table, IPT_TABLE_MAXNAMELEN);
- curTable[IPT_TABLE_MAXNAMELEN] = '\0';
+ strncpy(curTable, table, XT_TABLE_MAXNAMELEN);
+ curTable[XT_TABLE_MAXNAMELEN] = '\0';
printf(" <table ");
xmlAttrS("name", curTable);
@@ -592,8 +592,8 @@ do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[])
xmlAttrS("byte-count", bcnt);
printf(">\n");
- strncpy(closeRuleTag, " </rule>\n", IPT_TABLE_MAXNAMELEN);
- closeRuleTag[IPT_TABLE_MAXNAMELEN] = '\0';
+ strncpy(closeRuleTag, " </rule>\n", XT_TABLE_MAXNAMELEN);
+ closeRuleTag[XT_TABLE_MAXNAMELEN] = '\0';
/* no point in writing out condition if there isn't one */
if (argc >= 3 && !isTarget(argv[2])) {
@@ -607,8 +607,8 @@ do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[])
if (!closeActionTag[0]) {
printf(" <actions>\n");
strncpy(closeActionTag, " </actions>\n",
- IPT_TABLE_MAXNAMELEN);
- closeActionTag[IPT_TABLE_MAXNAMELEN] = '\0';
+ XT_TABLE_MAXNAMELEN);
+ closeActionTag[XT_TABLE_MAXNAMELEN] = '\0';
}
do_rule_part(NULL, NULL, 1, argc, argv, argvattr);
}
@@ -694,7 +694,7 @@ iptables_xml_main(int argc, char *argv[])
} else if ((buffer[0] == ':') && (curTable[0])) {
/* New chain. */
char *policy, *chain;
- struct ipt_counters count;
+ struct xt_counters count;
char *ctrs;
chain = strtok(buffer + 1, " \t\n");
diff --git a/iptables/iptables.c b/iptables/iptables.c
index d4a7ca1..03ac63b 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -171,7 +171,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
/* -n */ 0,
/* -s */ IPT_INV_SRCIP,
/* -d */ IPT_INV_DSTIP,
-/* -p */ IPT_INV_PROTO,
+/* -p */ XT_INV_PROTO,
/* -j */ 0,
/* -v */ 0,
/* -x */ 0,
@@ -473,7 +473,7 @@ print_num(uint64_t number, unsigned int format)
static void
print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
- struct ipt_counters counters;
+ struct xt_counters counters;
const char *pol = iptc_get_policy(chain, &counters, handle);
printf("Chain %s", chain);
if (pol) {
@@ -521,7 +521,7 @@ print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
static int
-print_match(const struct ipt_entry_match *m,
+print_match(const struct xt_entry_match *m,
const struct ipt_ip *ip,
int numeric)
{
@@ -550,14 +550,14 @@ print_firewall(const struct ipt_entry *fw,
struct xtc_handle *const handle)
{
const struct xtables_target *target = NULL;
- const struct ipt_entry_target *t;
+ const struct xt_entry_target *t;
uint8_t flags;
char buf[BUFSIZ];
if (!iptc_is_chain(targname, handle))
target = xtables_find_target(targname, XTF_TRY_LOAD);
else
- target = xtables_find_target(IPT_STANDARD_TARGET,
+ target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
t = ipt_get_target((struct ipt_entry *)fw);
@@ -574,7 +574,7 @@ print_firewall(const struct ipt_entry *fw,
if (!(format & FMT_NOTARGET))
printf(FMT("%-9s ", "%s "), targname);
- fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout);
+ fputc(fw->ip.invflags & XT_INV_PROTO ? '!' : ' ', stdout);
{
const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);
if (pname)
@@ -671,7 +671,7 @@ static void
print_firewall_line(const struct ipt_entry *fw,
struct xtc_handle *const h)
{
- struct ipt_entry_target *t;
+ struct xt_entry_target *t;
t = ipt_get_target((struct ipt_entry *)fw);
print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);
@@ -768,10 +768,10 @@ make_delete_mask(const struct xtables_rule_match *matches,
size = sizeof(struct ipt_entry);
for (matchp = matches; matchp; matchp = matchp->next)
- size += XT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
mask = xtables_calloc(1, size
- + XT_ALIGN(sizeof(struct ipt_entry_target))
+ + XT_ALIGN(sizeof(struct xt_entry_target))
+ target->size);
memset(mask, 0xFF, sizeof(struct ipt_entry));
@@ -779,13 +779,13 @@ make_delete_mask(const struct xtables_rule_match *matches,
for (matchp = matches; matchp; matchp = matchp->next) {
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ipt_entry_match))
+ XT_ALIGN(sizeof(struct xt_entry_match))
+ matchp->match->userspacesize);
- mptr += XT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
}
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ipt_entry_target))
+ XT_ALIGN(sizeof(struct xt_entry_target))
+ target->userspacesize);
return mask;
@@ -1041,7 +1041,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
}
}
-static int print_match_save(const struct ipt_entry_match *e,
+static int print_match_save(const struct xt_entry_match *e,
const struct ipt_ip *ip)
{
const struct xtables_match *match =
@@ -1099,7 +1099,7 @@ static void print_ip(const char *prefix, uint32_t ip,
void print_rule4(const struct ipt_entry *e,
struct xtc_handle *h, const char *chain, int counters)
{
- const struct ipt_entry_target *t;
+ const struct xt_entry_target *t;
const char *target_name;
/* print counters for iptables-save */
@@ -1122,7 +1122,7 @@ void print_rule4(const struct ipt_entry *e,
print_iface('o', e->ip.outiface, e->ip.outiface_mask,
e->ip.invflags & IPT_INV_VIA_OUT);
- print_proto(e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
+ print_proto(e->ip.proto, e->ip.invflags & XT_INV_PROTO);
if (e->ip.flags & IPT_F_FRAG)
printf("%s -f",
@@ -1161,11 +1161,11 @@ void print_rule4(const struct ipt_entry *e,
if (target->save)
target->save(&e->ip, t);
else {
- /* If the target size is greater than ipt_entry_target
+ /* If the target size is greater than xt_entry_target
* there is something to be saved, we just don't know
* how to print it */
if (t->u.target_size !=
- sizeof(struct ipt_entry_target)) {
+ sizeof(struct xt_entry_target)) {
fprintf(stderr, "Target `%s' is missing "
"save function\n",
t->u.user.name);
@@ -1195,7 +1195,7 @@ list_rules(const xt_chainlabel chain, int rulenum, int counters,
continue;
if (iptc_builtin(this, handle)) {
- struct ipt_counters count;
+ struct xt_counters count;
printf("-P %s %s", this, iptc_get_policy(this, &count, handle));
if (counters)
printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
@@ -1232,7 +1232,7 @@ list_rules(const xt_chainlabel chain, int rulenum, int counters,
static struct ipt_entry *
generate_entry(const struct ipt_entry *fw,
struct xtables_rule_match *matches,
- struct ipt_entry_target *target)
+ struct xt_entry_target *target)
{
unsigned int size;
struct xtables_rule_match *matchp;
@@ -1290,7 +1290,7 @@ static void command_jump(struct iptables_command_state *cs)
if (cs->target == NULL)
return;
- size = XT_ALIGN(sizeof(struct ipt_entry_target))
+ size = XT_ALIGN(sizeof(struct xt_entry_target))
+ cs->target->size;
cs->target->t = xtables_calloc(1, size);
@@ -1321,7 +1321,7 @@ static void command_match(struct iptables_command_state *cs)
"unexpected ! flag before --match");
m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches);
- size = XT_ALIGN(sizeof(struct ipt_entry_match)) + m->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
strcpy(m->m->u.user.name, m->name);
@@ -1559,7 +1559,7 @@ int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle
cs.fw.ip.proto = xtables_parse_protocol(cs.protocol);
if (cs.fw.ip.proto == 0
- && (cs.fw.ip.invflags & IPT_INV_PROTO))
+ && (cs.fw.ip.invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
break;
@@ -1837,10 +1837,10 @@ int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle
|| iptc_is_chain(cs.jumpto, *handle))) {
size_t size;
- cs.target = xtables_find_target(IPT_STANDARD_TARGET,
+ cs.target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
- size = sizeof(struct ipt_entry_target)
+ size = sizeof(struct xt_entry_target)
+ cs.target->size;
cs.target->t = xtables_calloc(1, size);
cs.target->t->u.target_size = size;
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 79da507..e61c28c 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -139,7 +139,7 @@ int command_default(struct iptables_command_state *cs,
cs->proto_used = 1;
- size = XT_ALIGN(sizeof(struct ip6t_entry_match)) + m->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index cf29238..c55cbc7 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -37,23 +37,23 @@ typedef unsigned int socklen_t;
#define HOOK_LOCAL_OUT NF_IP_LOCAL_OUT
#define HOOK_POST_ROUTING NF_IP_POST_ROUTING
-#define STRUCT_ENTRY_TARGET struct ipt_entry_target
+#define STRUCT_ENTRY_TARGET struct xt_entry_target
#define STRUCT_ENTRY struct ipt_entry
-#define STRUCT_ENTRY_MATCH struct ipt_entry_match
+#define STRUCT_ENTRY_MATCH struct xt_entry_match
#define STRUCT_GETINFO struct ipt_getinfo
#define STRUCT_GET_ENTRIES struct ipt_get_entries
-#define STRUCT_COUNTERS struct ipt_counters
-#define STRUCT_COUNTERS_INFO struct ipt_counters_info
-#define STRUCT_STANDARD_TARGET struct ipt_standard_target
+#define STRUCT_COUNTERS struct xt_counters
+#define STRUCT_COUNTERS_INFO struct xt_counters_info
+#define STRUCT_STANDARD_TARGET struct xt_standard_target
#define STRUCT_REPLACE struct ipt_replace
#define ENTRY_ITERATE IPT_ENTRY_ITERATE
-#define TABLE_MAXNAMELEN IPT_TABLE_MAXNAMELEN
-#define FUNCTION_MAXNAMELEN IPT_FUNCTION_MAXNAMELEN
+#define TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define GET_TARGET ipt_get_target
-#define ERROR_TARGET IPT_ERROR_TARGET
+#define ERROR_TARGET XT_ERROR_TARGET
#define NUMHOOKS NF_IP_NUMHOOKS
#define IPT_CHAINLABEL xt_chainlabel
@@ -100,14 +100,14 @@ typedef unsigned int socklen_t;
#define SO_GET_ENTRIES IPT_SO_GET_ENTRIES
#define SO_GET_VERSION IPT_SO_GET_VERSION
-#define STANDARD_TARGET IPT_STANDARD_TARGET
+#define STANDARD_TARGET XT_STANDARD_TARGET
#define LABEL_RETURN IPTC_LABEL_RETURN
#define LABEL_ACCEPT IPTC_LABEL_ACCEPT
#define LABEL_DROP IPTC_LABEL_DROP
#define LABEL_QUEUE IPTC_LABEL_QUEUE
#define ALIGN XT_ALIGN
-#define RETURN IPT_RETURN
+#define RETURN XT_RETURN
#include "libiptc.c"
@@ -160,7 +160,7 @@ dump_entry(struct ipt_entry *e, struct xtc_handle *const handle)
: "UNKNOWN");
else
printf("verdict=%u\n", pos);
- } else if (strcmp(t->u.user.name, IPT_ERROR_TARGET) == 0)
+ } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0)
printf("error=`%s'\n", t->data);
printf("\n");
@@ -203,7 +203,7 @@ is_same(const STRUCT_ENTRY *a, const STRUCT_ENTRY *b, unsigned char *matchmask)
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IPT_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
- mptr += XT_ALIGN(sizeof(struct ipt_entry_target));
+ mptr += XT_ALIGN(sizeof(struct xt_entry_target));
return mptr;
}
@@ -271,14 +271,14 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
idx = iptcb_entry2index(h, te);
assert(strcmp(GET_TARGET(te)->u.user.name,
- IPT_ERROR_TARGET)
+ XT_ERROR_TARGET)
!= 0);
assert(te != e);
/* Prior node must be error node, or this node. */
assert(t->verdict == iptcb_entry2offset(h, e)+e->next_offset
|| strcmp(GET_TARGET(index2entry(h, idx-1))
- ->u.user.name, IPT_ERROR_TARGET)
+ ->u.user.name, XT_ERROR_TARGET)
== 0);
}
@@ -288,7 +288,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
*was_return = 1;
else
*was_return = 0;
- } else if (strcmp(t->target.u.user.name, IPT_ERROR_TARGET) == 0) {
+ } else if (strcmp(t->target.u.user.name, XT_ERROR_TARGET) == 0) {
assert(t->target.u.target_size
== ALIGN(sizeof(struct ipt_error_target)));
@@ -301,7 +301,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
else *was_return = 0;
if (*off == user_offset)
- assert(strcmp(t->target.u.user.name, IPT_ERROR_TARGET) == 0);
+ assert(strcmp(t->target.u.user.name, XT_ERROR_TARGET) == 0);
(*off) += e->next_offset;
(*i)++;
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 636466f..9febee3 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -35,23 +35,23 @@ typedef unsigned int socklen_t;
#define HOOK_LOCAL_OUT NF_IP6_LOCAL_OUT
#define HOOK_POST_ROUTING NF_IP6_POST_ROUTING
-#define STRUCT_ENTRY_TARGET struct ip6t_entry_target
+#define STRUCT_ENTRY_TARGET struct xt_entry_target
#define STRUCT_ENTRY struct ip6t_entry
-#define STRUCT_ENTRY_MATCH struct ip6t_entry_match
+#define STRUCT_ENTRY_MATCH struct xt_entry_match
#define STRUCT_GETINFO struct ip6t_getinfo
#define STRUCT_GET_ENTRIES struct ip6t_get_entries
-#define STRUCT_COUNTERS struct ip6t_counters
-#define STRUCT_COUNTERS_INFO struct ip6t_counters_info
-#define STRUCT_STANDARD_TARGET struct ip6t_standard_target
+#define STRUCT_COUNTERS struct xt_counters
+#define STRUCT_COUNTERS_INFO struct xt_counters_info
+#define STRUCT_STANDARD_TARGET struct xt_standard_target
#define STRUCT_REPLACE struct ip6t_replace
#define ENTRY_ITERATE IP6T_ENTRY_ITERATE
-#define TABLE_MAXNAMELEN IP6T_TABLE_MAXNAMELEN
-#define FUNCTION_MAXNAMELEN IP6T_FUNCTION_MAXNAMELEN
+#define TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define GET_TARGET ip6t_get_target
-#define ERROR_TARGET IP6T_ERROR_TARGET
+#define ERROR_TARGET XT_ERROR_TARGET
#define NUMHOOKS NF_IP6_NUMHOOKS
#define IPT_CHAINLABEL xt_chainlabel
@@ -98,14 +98,14 @@ typedef unsigned int socklen_t;
#define SO_GET_ENTRIES IP6T_SO_GET_ENTRIES
#define SO_GET_VERSION IP6T_SO_GET_VERSION
-#define STANDARD_TARGET IP6T_STANDARD_TARGET
+#define STANDARD_TARGET XT_STANDARD_TARGET
#define LABEL_RETURN IP6TC_LABEL_RETURN
#define LABEL_ACCEPT IP6TC_LABEL_ACCEPT
#define LABEL_DROP IP6TC_LABEL_DROP
#define LABEL_QUEUE IP6TC_LABEL_QUEUE
#define ALIGN XT_ALIGN
-#define RETURN IP6T_RETURN
+#define RETURN XT_RETURN
#include "libiptc.c"
@@ -133,7 +133,7 @@ dump_entry(struct ip6t_entry *e, struct xtc_handle *const handle)
size_t i;
char buf[40];
int len;
- struct ip6t_entry_target *t;
+ struct xt_entry_target *t;
printf("Entry %u (%lu):\n", iptcb_entry2index(handle, e),
iptcb_entry2offset(handle, e));
@@ -182,18 +182,18 @@ dump_entry(struct ip6t_entry *e, struct xtc_handle *const handle)
t = ip6t_get_target(e);
printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size);
- if (strcmp(t->u.user.name, IP6T_STANDARD_TARGET) == 0) {
+ if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
const unsigned char *data = t->data;
int pos = *(const int *)data;
if (pos < 0)
printf("verdict=%s\n",
pos == -NF_ACCEPT-1 ? "NF_ACCEPT"
: pos == -NF_DROP-1 ? "NF_DROP"
- : pos == IP6T_RETURN ? "RETURN"
+ : pos == XT_RETURN ? "RETURN"
: "UNKNOWN");
else
printf("verdict=%u\n", pos);
- } else if (strcmp(t->u.user.name, IP6T_ERROR_TARGET) == 0)
+ } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0)
printf("error=`%s'\n", t->data);
printf("\n");
@@ -238,7 +238,7 @@ is_same(const STRUCT_ENTRY *a, const STRUCT_ENTRY *b,
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IP6T_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
- mptr += XT_ALIGN(sizeof(struct ip6t_entry_target));
+ mptr += XT_ALIGN(sizeof(struct xt_entry_target));
return mptr;
}
--
1.7.3.4
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH 8/9] libiptc: use a family-invariant xtc_ops struct for code reduction
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
` (6 preceding siblings ...)
2011-09-11 15:35 ` [PATCH 7/9] src: resolve old macro names that are indirections Jan Engelhardt
@ 2011-09-11 15:35 ` Jan Engelhardt
2011-09-11 15:35 ` [PATCH 9/9] ip6tables-restore: make code look alike with iptables-restore Jan Engelhardt
8 siblings, 0 replies; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/libiptc/libip6tc.h | 2 ++
include/libiptc/libiptc.h | 2 ++
include/libiptc/xtcshared.h | 13 +++++++++++++
libiptc/Makefile.am | 4 ++--
libiptc/libip4tc.c | 1 +
libiptc/libip6tc.c | 1 +
libiptc/libiptc.c | 12 ++++++++++++
7 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
index 61c1e7f..c656bc4 100644
--- a/include/libiptc/libip6tc.h
+++ b/include/libiptc/libip6tc.h
@@ -159,4 +159,6 @@ int ipv6_prefix_length(const struct in6_addr *a);
extern void dump_entries6(struct xtc_handle *const);
+extern const struct xtc_ops ip6tc_ops;
+
#endif /* _LIBIP6TC_H */
diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
index 6f64f5a..24cdbdb 100644
--- a/include/libiptc/libiptc.h
+++ b/include/libiptc/libiptc.h
@@ -162,6 +162,8 @@ const char *iptc_strerror(int err);
extern void dump_entries(struct xtc_handle *const);
+extern const struct xtc_ops iptc_ops;
+
#ifdef __cplusplus
}
#endif
diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h
index 89a5151..773ebc4 100644
--- a/include/libiptc/xtcshared.h
+++ b/include/libiptc/xtcshared.h
@@ -3,5 +3,18 @@
typedef char xt_chainlabel[32];
struct xtc_handle;
+struct xt_counters;
+
+struct xtc_ops {
+ int (*commit)(struct xtc_handle *);
+ void (*free)(struct xtc_handle *);
+ int (*builtin)(const char *, struct xtc_handle *const);
+ int (*is_chain)(const char *, struct xtc_handle *const);
+ int (*flush_entries)(const xt_chainlabel, struct xtc_handle *);
+ int (*create_chain)(const xt_chainlabel, struct xtc_handle *);
+ int (*set_policy)(const xt_chainlabel, const xt_chainlabel,
+ struct xt_counters *, struct xtc_handle *);
+ const char *(*strerror)(int);
+};
#endif /* _LIBXTC_SHARED_H */
diff --git a/libiptc/Makefile.am b/libiptc/Makefile.am
index 22c920f..0b59007 100644
--- a/libiptc/Makefile.am
+++ b/libiptc/Makefile.am
@@ -10,6 +10,6 @@ libiptc_la_SOURCES =
libiptc_la_LIBADD = libip4tc.la libip6tc.la
libiptc_la_LDFLAGS = -version-info 0:0:0 ${libiptc_LDFLAGS2}
libip4tc_la_SOURCES = libip4tc.c
-libip4tc_la_LDFLAGS = -version-info 0:0:0
+libip4tc_la_LDFLAGS = -version-info 1:0:1
libip6tc_la_SOURCES = libip6tc.c
-libip6tc_la_LDFLAGS = -version-info 0:0:0 ${libiptc_LDFLAGS2}
+libip6tc_la_LDFLAGS = -version-info 1:0:1 ${libiptc_LDFLAGS2}
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index c55cbc7..dd59951 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -90,6 +90,7 @@ typedef unsigned int socklen_t;
#define TC_STRERROR iptc_strerror
#define TC_NUM_RULES iptc_num_rules
#define TC_GET_RULE iptc_get_rule
+#define TC_OPS iptc_ops
#define TC_AF AF_INET
#define TC_IPPROTO IPPROTO_IP
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 9febee3..7128e1c 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -88,6 +88,7 @@ typedef unsigned int socklen_t;
#define TC_STRERROR ip6tc_strerror
#define TC_NUM_RULES ip6tc_num_rules
#define TC_GET_RULE ip6tc_get_rule
+#define TC_OPS ip6tc_ops
#define TC_AF AF_INET6
#define TC_IPPROTO IPPROTO_IPV6
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 593c5de..63fcfc2 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -33,6 +33,7 @@
#include <sys/socket.h>
#include <stdbool.h>
#include <xtables.h>
+#include <libiptc/xtcshared.h>
#include "linux_list.h"
@@ -2731,3 +2732,14 @@ TC_STRERROR(int err)
return strerror(err);
}
+
+const struct xtc_ops TC_OPS = {
+ .commit = TC_COMMIT,
+ .free = TC_FREE,
+ .builtin = TC_BUILTIN,
+ .is_chain = TC_IS_CHAIN,
+ .flush_entries = TC_FLUSH_ENTRIES,
+ .create_chain = TC_CREATE_CHAIN,
+ .set_policy = TC_SET_POLICY,
+ .strerror = TC_STRERROR,
+};
--
1.7.3.4
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH 9/9] ip6tables-restore: make code look alike with iptables-restore
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
` (7 preceding siblings ...)
2011-09-11 15:35 ` [PATCH 8/9] libiptc: use a family-invariant xtc_ops struct for code reduction Jan Engelhardt
@ 2011-09-11 15:35 ` Jan Engelhardt
8 siblings, 0 replies; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-11 15:35 UTC (permalink / raw)
To: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
iptables/ip6tables-restore.c | 34 +++++++++++++++-------------------
iptables/iptables-restore.c | 29 +++++++++++++++--------------
2 files changed, 30 insertions(+), 33 deletions(-)
diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index 073e42b..92bdc30 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -123,6 +123,7 @@ int ip6tables_restore_main(int argc, char *argv[])
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
+ const struct xtc_ops *ops = &ip6tc_ops;
line = 0;
@@ -197,8 +198,8 @@ int ip6tables_restore_main(int argc, char *argv[])
} else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
if (!testing) {
DEBUGP("Calling commit\n");
- ret = ip6tc_commit(handle);
- ip6tc_free(handle);
+ ret = ops->commit(handle);
+ ops->free(handle);
handle = NULL;
} else {
DEBUGP("Not calling commit, testing\n");
@@ -214,8 +215,7 @@ int ip6tables_restore_main(int argc, char *argv[])
if (!table) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
- ip6tables_globals.program_name,
- line);
+ xt_params->program_name, line);
exit(1);
}
strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
@@ -224,7 +224,7 @@ int ip6tables_restore_main(int argc, char *argv[])
if (tablename != NULL && strcmp(tablename, table) != 0)
continue;
if (handle)
- ip6tc_free(handle);
+ ops->free(handle);
handle = create_handle(table);
if (noflush == 0) {
@@ -251,8 +251,7 @@ int ip6tables_restore_main(int argc, char *argv[])
if (!chain) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
- ip6tables_globals.program_name,
- line);
+ xt_params->program_name, line);
exit(1);
}
@@ -262,17 +261,17 @@ int ip6tables_restore_main(int argc, char *argv[])
"(%u chars max)",
chain, XT_EXTENSION_MAXNAMELEN - 1);
- if (ip6tc_builtin(chain, handle) <= 0) {
- if (noflush && ip6tc_is_chain(chain, handle)) {
+ if (ops->builtin(chain, handle) <= 0) {
+ if (noflush && ops->is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
- if (!ip6tc_flush_entries(chain, handle))
+ if (!ops->flush_entries(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error flushing chain "
"'%s':%s\n", chain,
strerror(errno));
} else {
DEBUGP("Creating new chain '%s'\n", chain);
- if (!ip6tc_create_chain(chain, handle))
+ if (!ops->create_chain(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
@@ -285,8 +284,7 @@ int ip6tables_restore_main(int argc, char *argv[])
if (!policy) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
- ip6tables_globals.program_name,
- line);
+ xt_params->program_name, line);
exit(1);
}
@@ -309,13 +307,13 @@ int ip6tables_restore_main(int argc, char *argv[])
DEBUGP("Setting policy of chain %s to %s\n",
chain, policy);
- if (!ip6tc_set_policy(chain, policy, &count,
+ if (!ops->set_policy(chain, policy, &count,
handle))
xtables_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
policy, chain, line,
- ip6tc_strerror(errno));
+ ops->strerror(errno));
}
ret = 1;
@@ -452,15 +450,13 @@ int ip6tables_restore_main(int argc, char *argv[])
continue;
if (!ret) {
fprintf(stderr, "%s: line %u failed\n",
- ip6tables_globals.program_name,
- line);
+ xt_params->program_name, line);
exit(1);
}
}
if (in_table) {
fprintf(stderr, "%s: COMMIT expected at line %u\n",
- ip6tables_globals.program_name,
- line + 1);
+ xt_params->program_name, line + 1);
exit(1);
}
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index 001da73..6b1c792 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -123,6 +123,7 @@ iptables_restore_main(int argc, char *argv[])
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
+ const struct xtc_ops *ops = &iptc_ops;
line = 0;
@@ -197,8 +198,8 @@ iptables_restore_main(int argc, char *argv[])
} else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
if (!testing) {
DEBUGP("Calling commit\n");
- ret = iptc_commit(handle);
- iptc_free(handle);
+ ret = ops->commit(handle);
+ ops->free(handle);
handle = NULL;
} else {
DEBUGP("Not calling commit, testing\n");
@@ -214,7 +215,7 @@ iptables_restore_main(int argc, char *argv[])
if (!table) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u table name invalid\n",
- prog_name, line);
+ xt_params->program_name, line);
exit(1);
}
strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
@@ -223,7 +224,7 @@ iptables_restore_main(int argc, char *argv[])
if (tablename && (strcmp(tablename, table) != 0))
continue;
if (handle)
- iptc_free(handle);
+ ops->free(handle);
handle = create_handle(table);
if (noflush == 0) {
@@ -250,7 +251,7 @@ iptables_restore_main(int argc, char *argv[])
if (!chain) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u chain name invalid\n",
- prog_name, line);
+ xt_params->program_name, line);
exit(1);
}
@@ -260,17 +261,17 @@ iptables_restore_main(int argc, char *argv[])
"(%u chars max)",
chain, XT_EXTENSION_MAXNAMELEN - 1);
- if (iptc_builtin(chain, handle) <= 0) {
- if (noflush && iptc_is_chain(chain, handle)) {
+ if (ops->builtin(chain, handle) <= 0) {
+ if (noflush && ops->is_chain(chain, handle)) {
DEBUGP("Flushing existing user defined chain '%s'\n", chain);
- if (!iptc_flush_entries(chain, handle))
+ if (!ops->flush_entries(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error flushing chain "
"'%s':%s\n", chain,
strerror(errno));
} else {
DEBUGP("Creating new chain '%s'\n", chain);
- if (!iptc_create_chain(chain, handle))
+ if (!ops->create_chain(chain, handle))
xtables_error(PARAMETER_PROBLEM,
"error creating chain "
"'%s':%s\n", chain,
@@ -283,7 +284,7 @@ iptables_restore_main(int argc, char *argv[])
if (!policy) {
xtables_error(PARAMETER_PROBLEM,
"%s: line %u policy invalid\n",
- prog_name, line);
+ xt_params->program_name, line);
exit(1);
}
@@ -306,13 +307,13 @@ iptables_restore_main(int argc, char *argv[])
DEBUGP("Setting policy of chain %s to %s\n",
chain, policy);
- if (!iptc_set_policy(chain, policy, &count,
+ if (!ops->set_policy(chain, policy, &count,
handle))
xtables_error(OTHER_PROBLEM,
"Can't set policy `%s'"
" on `%s' line %u: %s\n",
policy, chain, line,
- iptc_strerror(errno));
+ ops->strerror(errno));
}
ret = 1;
@@ -449,13 +450,13 @@ iptables_restore_main(int argc, char *argv[])
continue;
if (!ret) {
fprintf(stderr, "%s: line %u failed\n",
- prog_name, line);
+ xt_params->program_name, line);
exit(1);
}
}
if (in_table) {
fprintf(stderr, "%s: COMMIT expected at line %u\n",
- prog_name, line + 1);
+ xt_params->program_name, line + 1);
exit(1);
}
--
1.7.3.4
^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: [PATCH 2/9] iptables-save: remove binary dumping dead code
2011-09-11 15:35 ` [PATCH 2/9] iptables-save: remove binary dumping dead code Jan Engelhardt
@ 2011-09-12 9:32 ` Pablo Neira Ayuso
2011-09-12 10:48 ` Jan Engelhardt
0 siblings, 1 reply; 16+ messages in thread
From: Pablo Neira Ayuso @ 2011-09-12 9:32 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
On Sun, Sep 11, 2011 at 05:35:51PM +0200, Jan Engelhardt wrote:
> Was never implemented, kill it.
>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
> ---
> iptables/ip6tables-save.c | 80 +++++++++++++++++++--------------------------
> iptables/iptables-save.c | 80 +++++++++++++++++++--------------------------
> 2 files changed, 68 insertions(+), 92 deletions(-)
>
> diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
> index ad0e70f..38b0c2f 100644
> --- a/iptables/ip6tables-save.c
> +++ b/iptables/ip6tables-save.c
> @@ -22,10 +22,9 @@
> #include <dlfcn.h>
> #endif
>
> -static int show_binary = 0, show_counters = 0;
> +static int show_counters = 0;
>
> static const struct option options[] = {
> - {.name = "binary", .has_arg = false, .val = 'b'},
Please, better something less agressive like displaying a message
telling "-b option was never implemented, ignoring it".
So if anyone, for some strange reason, is using it, their scripts will
not break.
I know this may sound a bit nitpicking but I think it's good to make
sure that we don't break anything.
Thanks.
> {.name = "counters", .has_arg = false, .val = 'c'},
> {.name = "dump", .has_arg = false, .val = 'd'},
> {.name = "table", .has_arg = true, .val = 't'},
> @@ -76,52 +75,45 @@ static int do_output(const char *tablename)
> xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
> ip6tc_strerror(errno));
>
> - if (!show_binary) {
> - time_t now = time(NULL);
> -
> - printf("# Generated by ip6tables-save v%s on %s",
> - IPTABLES_VERSION, ctime(&now));
> - printf("*%s\n", tablename);
> -
> - /* Dump out chain names first,
> - * thereby preventing dependency conflicts */
> - for (chain = ip6tc_first_chain(h);
> - chain;
> - chain = ip6tc_next_chain(h)) {
> -
> - printf(":%s ", chain);
> - if (ip6tc_builtin(chain, h)) {
> - struct ip6t_counters count;
> - printf("%s ",
> - ip6tc_get_policy(chain, &count, h));
> - printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
> - } else {
> - printf("- [0:0]\n");
> - }
> + time_t now = time(NULL);
> +
> + printf("# Generated by ip6tables-save v%s on %s",
> + IPTABLES_VERSION, ctime(&now));
> + printf("*%s\n", tablename);
> +
> + /* Dump out chain names first,
> + * thereby preventing dependency conflicts */
> + for (chain = ip6tc_first_chain(h);
> + chain;
> + chain = ip6tc_next_chain(h)) {
> +
> + printf(":%s ", chain);
> + if (ip6tc_builtin(chain, h)) {
> + struct ip6t_counters count;
> + printf("%s ",
> + ip6tc_get_policy(chain, &count, h));
> + printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
> + } else {
> + printf("- [0:0]\n");
> }
> + }
>
> + for (chain = ip6tc_first_chain(h);
> + chain;
> + chain = ip6tc_next_chain(h)) {
> + const struct ip6t_entry *e;
>
> - for (chain = ip6tc_first_chain(h);
> - chain;
> - chain = ip6tc_next_chain(h)) {
> - const struct ip6t_entry *e;
> -
> - /* Dump out rules */
> - e = ip6tc_first_rule(chain, h);
> - while(e) {
> - print_rule6(e, h, chain, show_counters);
> - e = ip6tc_next_rule(e, h);
> - }
> + /* Dump out rules */
> + e = ip6tc_first_rule(chain, h);
> + while(e) {
> + print_rule6(e, h, chain, show_counters);
> + e = ip6tc_next_rule(e, h);
> }
> -
> - now = time(NULL);
> - printf("COMMIT\n");
> - printf("# Completed on %s", ctime(&now));
> - } else {
> - /* Binary, huh? OK. */
> - xtables_error(OTHER_PROBLEM, "Binary NYI\n");
> }
>
> + now = time(NULL);
> + printf("COMMIT\n");
> + printf("# Completed on %s", ctime(&now));
> ip6tc_free(h);
>
> return 1;
> @@ -151,10 +143,6 @@ int ip6tables_save_main(int argc, char *argv[])
>
> while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
> switch (c) {
> - case 'b':
> - show_binary = 1;
> - break;
> -
> case 'c':
> show_counters = 1;
> break;
> diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
> index 73fba12..a25a186 100644
> --- a/iptables/iptables-save.c
> +++ b/iptables/iptables-save.c
> @@ -21,10 +21,9 @@
> #include <dlfcn.h>
> #endif
>
> -static int show_binary = 0, show_counters = 0;
> +static int show_counters = 0;
>
> static const struct option options[] = {
> - {.name = "binary", .has_arg = false, .val = 'b'},
> {.name = "counters", .has_arg = false, .val = 'c'},
> {.name = "dump", .has_arg = false, .val = 'd'},
> {.name = "table", .has_arg = true, .val = 't'},
> @@ -74,52 +73,45 @@ static int do_output(const char *tablename)
> xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
> iptc_strerror(errno));
>
> - if (!show_binary) {
> - time_t now = time(NULL);
> -
> - printf("# Generated by iptables-save v%s on %s",
> - IPTABLES_VERSION, ctime(&now));
> - printf("*%s\n", tablename);
> -
> - /* Dump out chain names first,
> - * thereby preventing dependency conflicts */
> - for (chain = iptc_first_chain(h);
> - chain;
> - chain = iptc_next_chain(h)) {
> -
> - printf(":%s ", chain);
> - if (iptc_builtin(chain, h)) {
> - struct ipt_counters count;
> - printf("%s ",
> - iptc_get_policy(chain, &count, h));
> - printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
> - } else {
> - printf("- [0:0]\n");
> - }
> + time_t now = time(NULL);
> +
> + printf("# Generated by iptables-save v%s on %s",
> + IPTABLES_VERSION, ctime(&now));
> + printf("*%s\n", tablename);
> +
> + /* Dump out chain names first,
> + * thereby preventing dependency conflicts */
> + for (chain = iptc_first_chain(h);
> + chain;
> + chain = iptc_next_chain(h)) {
> +
> + printf(":%s ", chain);
> + if (iptc_builtin(chain, h)) {
> + struct ipt_counters count;
> + printf("%s ",
> + iptc_get_policy(chain, &count, h));
> + printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
> + } else {
> + printf("- [0:0]\n");
> }
> + }
>
> + for (chain = iptc_first_chain(h);
> + chain;
> + chain = iptc_next_chain(h)) {
> + const struct ipt_entry *e;
>
> - for (chain = iptc_first_chain(h);
> - chain;
> - chain = iptc_next_chain(h)) {
> - const struct ipt_entry *e;
> -
> - /* Dump out rules */
> - e = iptc_first_rule(chain, h);
> - while(e) {
> - print_rule4(e, h, chain, show_counters);
> - e = iptc_next_rule(e, h);
> - }
> + /* Dump out rules */
> + e = iptc_first_rule(chain, h);
> + while(e) {
> + print_rule4(e, h, chain, show_counters);
> + e = iptc_next_rule(e, h);
> }
> -
> - now = time(NULL);
> - printf("COMMIT\n");
> - printf("# Completed on %s", ctime(&now));
> - } else {
> - /* Binary, huh? OK. */
> - xtables_error(OTHER_PROBLEM, "Binary NYI\n");
> }
>
> + now = time(NULL);
> + printf("COMMIT\n");
> + printf("# Completed on %s", ctime(&now));
> iptc_free(h);
>
> return 1;
> @@ -150,10 +142,6 @@ iptables_save_main(int argc, char *argv[])
>
> while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
> switch (c) {
> - case 'b':
> - show_binary = 1;
> - break;
> -
> case 'c':
> show_counters = 1;
> break;
> --
> 1.7.3.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 4/9] libiptc: combine common types
2011-09-11 15:35 ` [PATCH 4/9] libiptc: combine common types Jan Engelhardt
@ 2011-09-12 9:36 ` Pablo Neira Ayuso
2011-09-12 10:43 ` Jan Engelhardt
0 siblings, 1 reply; 16+ messages in thread
From: Pablo Neira Ayuso @ 2011-09-12 9:36 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
On Sun, Sep 11, 2011 at 05:35:53PM +0200, Jan Engelhardt wrote:
> Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel,
> and add backward-API #defines. The ABI naturally does not change
> either, so no soversion bump.
>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
> ---
> include/Makefile.am | 2 +-
> include/libiptc/libip6tc.h | 3 ++-
> include/libiptc/libiptc.h | 3 ++-
> include/libiptc/xtcshared.h | 6 ++++++
> 4 files changed, 11 insertions(+), 3 deletions(-)
> create mode 100644 include/libiptc/xtcshared.h
>
> diff --git a/include/Makefile.am b/include/Makefile.am
> index 0a1abea..6f7da59 100644
> --- a/include/Makefile.am
> +++ b/include/Makefile.am
> @@ -9,4 +9,4 @@ endif
>
> nobase_include_HEADERS += \
> libiptc/ipt_kernel_headers.h libiptc/libiptc.h \
> - libiptc/libip6tc.h libiptc/libxtc.h
> + libiptc/libip6tc.h libiptc/libxtc.h libiptc/xtcshared.h
> diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
> index 4f2d1f8..55e0bfc 100644
> --- a/include/libiptc/libip6tc.h
> +++ b/include/libiptc/libip6tc.h
> @@ -10,10 +10,11 @@
> # include <limits.h> /* INT_MAX in ip6_tables.h */
> #endif
> #include <linux/netfilter_ipv6/ip6_tables.h>
> +#include <libiptc/xtcshared.h>
>
> struct ip6tc_handle;
>
> -typedef char ip6t_chainlabel[32];
> +#define ip6t_chainlabel xt_chainlabel
>
> #define IP6TC_LABEL_ACCEPT "ACCEPT"
> #define IP6TC_LABEL_DROP "DROP"
> diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
> index 3497d6a..ccbf6bf 100644
> --- a/include/libiptc/libiptc.h
> +++ b/include/libiptc/libiptc.h
> @@ -10,6 +10,7 @@
> # include <limits.h> /* INT_MAX in ip_tables.h */
> #endif
> #include <linux/netfilter_ipv4/ip_tables.h>
> +#include <libiptc/xtcshared.h>
>
> #ifdef __cplusplus
> extern "C" {
> @@ -17,7 +18,7 @@ extern "C" {
>
> struct iptc_handle;
>
> -typedef char ipt_chainlabel[32];
> +#define ipt_chainlabel xt_chainlabel
>
> #define IPTC_LABEL_ACCEPT "ACCEPT"
> #define IPTC_LABEL_DROP "DROP"
> diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h
> new file mode 100644
> index 0000000..aaf87a4
> --- /dev/null
> +++ b/include/libiptc/xtcshared.h
> @@ -0,0 +1,6 @@
> +#ifndef _LIBXTC_SHARED_H
> +#define _LIBXTC_SHARED_H 1
> +
> +typedef char xt_chainlabel[32];
> +
> +#endif /* _LIBXTC_SHARED_H */
I think this definition naturally belong to libxtc.h.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 4/9] libiptc: combine common types
2011-09-12 9:36 ` Pablo Neira Ayuso
@ 2011-09-12 10:43 ` Jan Engelhardt
2011-09-12 18:38 ` Pablo Neira Ayuso
0 siblings, 1 reply; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-12 10:43 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
On Monday 2011-09-12 11:36, Pablo Neira Ayuso wrote:
>On Sun, Sep 11, 2011 at 05:35:53PM +0200, Jan Engelhardt wrote:
>> Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel,
>> and add backward-API #defines. The ABI naturally does not change
>> either, so no soversion bump.
>>
>> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
>> ---
>> include/Makefile.am | 2 +-
>> include/libiptc/libip6tc.h | 3 ++-
>> include/libiptc/libiptc.h | 3 ++-
>> include/libiptc/xtcshared.h | 6 ++++++
>> 4 files changed, 11 insertions(+), 3 deletions(-)
>> create mode 100644 include/libiptc/xtcshared.h
>>
>> diff --git a/include/Makefile.am b/include/Makefile.am
>> index 0a1abea..6f7da59 100644
>> --- a/include/Makefile.am
>> +++ b/include/Makefile.am
>> @@ -9,4 +9,4 @@ endif
>>
>> nobase_include_HEADERS += \
>> libiptc/ipt_kernel_headers.h libiptc/libiptc.h \
>> - libiptc/libip6tc.h libiptc/libxtc.h
>> + libiptc/libip6tc.h libiptc/libxtc.h libiptc/xtcshared.h
>> diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
>> index 4f2d1f8..55e0bfc 100644
>> --- a/include/libiptc/libip6tc.h
>> +++ b/include/libiptc/libip6tc.h
>> @@ -10,10 +10,11 @@
>> # include <limits.h> /* INT_MAX in ip6_tables.h */
>> #endif
>> #include <linux/netfilter_ipv6/ip6_tables.h>
>> +#include <libiptc/xtcshared.h>
>>
>> struct ip6tc_handle;
>>
>> -typedef char ip6t_chainlabel[32];
>> +#define ip6t_chainlabel xt_chainlabel
>>
>> #define IP6TC_LABEL_ACCEPT "ACCEPT"
>> #define IP6TC_LABEL_DROP "DROP"
>> diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
>> index 3497d6a..ccbf6bf 100644
>> --- a/include/libiptc/libiptc.h
>> +++ b/include/libiptc/libiptc.h
>> @@ -10,6 +10,7 @@
>> # include <limits.h> /* INT_MAX in ip_tables.h */
>> #endif
>> #include <linux/netfilter_ipv4/ip_tables.h>
>> +#include <libiptc/xtcshared.h>
>>
>> #ifdef __cplusplus
>> extern "C" {
>> @@ -17,7 +18,7 @@ extern "C" {
>>
>> struct iptc_handle;
>>
>> -typedef char ipt_chainlabel[32];
>> +#define ipt_chainlabel xt_chainlabel
>>
>> #define IPTC_LABEL_ACCEPT "ACCEPT"
>> #define IPTC_LABEL_DROP "DROP"
>> diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h
>> new file mode 100644
>> index 0000000..aaf87a4
>> --- /dev/null
>> +++ b/include/libiptc/xtcshared.h
>> @@ -0,0 +1,6 @@
>> +#ifndef _LIBXTC_SHARED_H
>> +#define _LIBXTC_SHARED_H 1
>> +
>> +typedef char xt_chainlabel[32];
>> +
>> +#endif /* _LIBXTC_SHARED_H */
>
>I think this definition naturally belong to libxtc.h.
libiptc.h and libip6tc.h do not happen to include libxtc.h.
As I am checking this again, libxtc.h should probably not even be
exported (only iptables's .c uses it).
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 2/9] iptables-save: remove binary dumping dead code
2011-09-12 9:32 ` Pablo Neira Ayuso
@ 2011-09-12 10:48 ` Jan Engelhardt
2011-09-12 18:52 ` Pablo Neira Ayuso
0 siblings, 1 reply; 16+ messages in thread
From: Jan Engelhardt @ 2011-09-12 10:48 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
On Monday 2011-09-12 11:32, Pablo Neira Ayuso wrote:
>>
>> -static int show_binary = 0, show_counters = 0;
>> +static int show_counters = 0;
>>
>> static const struct option options[] = {
>> - {.name = "binary", .has_arg = false, .val = 'b'},
>
>Please, better something less agressive like displaying a message
>telling "-b option was never implemented, ignoring it".
>
>So if anyone, for some strange reason, is using it, their scripts will
>not break.
>
>I know this may sound a bit nitpicking but I think it's good to make
>sure that we don't break anything.
I think we are not talking about the same thing. If you run
`iptables-save -b`, the program will exit with status 1 without
printing anything related to rules. (Outputs "binary NYI" which, if
you happen to be able to resolve the acronym, expands to "not yet
implemented")
How would that be any better than getting "invalid option: -B"?
It is "NYI". Given the issues with binary representations that have
come up within the last 10 years so far, I doubt that we have a
reason to offer wanting to dump the packed ruleset right now.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 4/9] libiptc: combine common types
2011-09-12 10:43 ` Jan Engelhardt
@ 2011-09-12 18:38 ` Pablo Neira Ayuso
0 siblings, 0 replies; 16+ messages in thread
From: Pablo Neira Ayuso @ 2011-09-12 18:38 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
On Mon, Sep 12, 2011 at 12:43:28PM +0200, Jan Engelhardt wrote:
> On Monday 2011-09-12 11:36, Pablo Neira Ayuso wrote:
>
> >On Sun, Sep 11, 2011 at 05:35:53PM +0200, Jan Engelhardt wrote:
> >> Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel,
> >> and add backward-API #defines. The ABI naturally does not change
> >> either, so no soversion bump.
> >>
> >> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
> >> ---
> >> include/Makefile.am | 2 +-
> >> include/libiptc/libip6tc.h | 3 ++-
> >> include/libiptc/libiptc.h | 3 ++-
> >> include/libiptc/xtcshared.h | 6 ++++++
> >> 4 files changed, 11 insertions(+), 3 deletions(-)
> >> create mode 100644 include/libiptc/xtcshared.h
> >>
> >> diff --git a/include/Makefile.am b/include/Makefile.am
> >> index 0a1abea..6f7da59 100644
> >> --- a/include/Makefile.am
> >> +++ b/include/Makefile.am
> >> @@ -9,4 +9,4 @@ endif
> >>
> >> nobase_include_HEADERS += \
> >> libiptc/ipt_kernel_headers.h libiptc/libiptc.h \
> >> - libiptc/libip6tc.h libiptc/libxtc.h
> >> + libiptc/libip6tc.h libiptc/libxtc.h libiptc/xtcshared.h
> >> diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
> >> index 4f2d1f8..55e0bfc 100644
> >> --- a/include/libiptc/libip6tc.h
> >> +++ b/include/libiptc/libip6tc.h
> >> @@ -10,10 +10,11 @@
> >> # include <limits.h> /* INT_MAX in ip6_tables.h */
> >> #endif
> >> #include <linux/netfilter_ipv6/ip6_tables.h>
> >> +#include <libiptc/xtcshared.h>
> >>
> >> struct ip6tc_handle;
> >>
> >> -typedef char ip6t_chainlabel[32];
> >> +#define ip6t_chainlabel xt_chainlabel
> >>
> >> #define IP6TC_LABEL_ACCEPT "ACCEPT"
> >> #define IP6TC_LABEL_DROP "DROP"
> >> diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
> >> index 3497d6a..ccbf6bf 100644
> >> --- a/include/libiptc/libiptc.h
> >> +++ b/include/libiptc/libiptc.h
> >> @@ -10,6 +10,7 @@
> >> # include <limits.h> /* INT_MAX in ip_tables.h */
> >> #endif
> >> #include <linux/netfilter_ipv4/ip_tables.h>
> >> +#include <libiptc/xtcshared.h>
> >>
> >> #ifdef __cplusplus
> >> extern "C" {
> >> @@ -17,7 +18,7 @@ extern "C" {
> >>
> >> struct iptc_handle;
> >>
> >> -typedef char ipt_chainlabel[32];
> >> +#define ipt_chainlabel xt_chainlabel
> >>
> >> #define IPTC_LABEL_ACCEPT "ACCEPT"
> >> #define IPTC_LABEL_DROP "DROP"
> >> diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h
> >> new file mode 100644
> >> index 0000000..aaf87a4
> >> --- /dev/null
> >> +++ b/include/libiptc/xtcshared.h
> >> @@ -0,0 +1,6 @@
> >> +#ifndef _LIBXTC_SHARED_H
> >> +#define _LIBXTC_SHARED_H 1
> >> +
> >> +typedef char xt_chainlabel[32];
> >> +
> >> +#endif /* _LIBXTC_SHARED_H */
> >
> >I think this definition naturally belong to libxtc.h.
>
> libiptc.h and libip6tc.h do not happen to include libxtc.h.
> As I am checking this again, libxtc.h should probably not even be
> exported (only iptables's .c uses it).
My suggestion was becasue of the naming. libxtc.h sound like the
generic version of libiptc.h and libip6tc.h, but this doesn't seem to
be the case.
It's fine then.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PATCH 2/9] iptables-save: remove binary dumping dead code
2011-09-12 10:48 ` Jan Engelhardt
@ 2011-09-12 18:52 ` Pablo Neira Ayuso
0 siblings, 0 replies; 16+ messages in thread
From: Pablo Neira Ayuso @ 2011-09-12 18:52 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
On Mon, Sep 12, 2011 at 12:48:36PM +0200, Jan Engelhardt wrote:
>
> On Monday 2011-09-12 11:32, Pablo Neira Ayuso wrote:
> >>
> >> -static int show_binary = 0, show_counters = 0;
> >> +static int show_counters = 0;
> >>
> >> static const struct option options[] = {
> >> - {.name = "binary", .has_arg = false, .val = 'b'},
> >
> >Please, better something less agressive like displaying a message
> >telling "-b option was never implemented, ignoring it".
> >
> >So if anyone, for some strange reason, is using it, their scripts will
> >not break.
> >
> >I know this may sound a bit nitpicking but I think it's good to make
> >sure that we don't break anything.
>
> I think we are not talking about the same thing. If you run
> `iptables-save -b`, the program will exit with status 1 without
> printing anything related to rules. (Outputs "binary NYI" which, if
> you happen to be able to resolve the acronym, expands to "not yet
> implemented")
>
> How would that be any better than getting "invalid option: -B"?
Well, we'll hit that anyway once you remove -b option.
> It is "NYI". Given the issues with binary representations that have
> come up within the last 10 years so far, I doubt that we have a
> reason to offer wanting to dump the packed ruleset right now.
Fair enough, go ahead.
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2011-09-12 18:52 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-09-11 15:35 iptables: libiptc, cleanups Jan Engelhardt
2011-09-11 15:35 ` [PATCH 1/9] libiptc: resolve compile failure Jan Engelhardt
2011-09-11 15:35 ` [PATCH 2/9] iptables-save: remove binary dumping dead code Jan Engelhardt
2011-09-12 9:32 ` Pablo Neira Ayuso
2011-09-12 10:48 ` Jan Engelhardt
2011-09-12 18:52 ` Pablo Neira Ayuso
2011-09-11 15:35 ` [PATCH 3/9] libiptc: remove unused HOOK_DROPPING thing Jan Engelhardt
2011-09-11 15:35 ` [PATCH 4/9] libiptc: combine common types Jan Engelhardt
2011-09-12 9:36 ` Pablo Neira Ayuso
2011-09-12 10:43 ` Jan Engelhardt
2011-09-12 18:38 ` Pablo Neira Ayuso
2011-09-11 15:35 ` [PATCH 5/9] libiptc: replace ipt_chainlabel by xt_chainlabel Jan Engelhardt
2011-09-11 15:35 ` [PATCH 6/9] libiptc: combine common types: _handle Jan Engelhardt
2011-09-11 15:35 ` [PATCH 7/9] src: resolve old macro names that are indirections Jan Engelhardt
2011-09-11 15:35 ` [PATCH 8/9] libiptc: use a family-invariant xtc_ops struct for code reduction Jan Engelhardt
2011-09-11 15:35 ` [PATCH 9/9] ip6tables-restore: make code look alike with iptables-restore Jan Engelhardt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.