From a1187fff744cf407c010fb52a482950d958dbf02 Mon Sep 17 00:00:00 2001 
From: laforge Date: Mon, 6 Aug 2001 18:50:21 +0000 Subject: - added patch to support statically linking of iptables - iptables-save/-restore is no longer experimental --- INSTALL | 20 +++++++++++------- Makefile | 43 +++++++++++++++++++++++++++----------- Rules.make | 1 + extensions/Makefile | 46 +++++++++++++++++++++++++++++++++++++++++ extensions/libip6t_LOG.c | 1 + extensions/libip6t_MARK.c | 1 + extensions/libip6t_agr.c | 1 + extensions/libip6t_icmpv6.c | 2 +- extensions/libip6t_limit.c | 1 + extensions/libip6t_mac.c | 1 + extensions/libip6t_mark.c | 1 + extensions/libip6t_multiport.c | 1 + extensions/libip6t_owner.c | 1 + extensions/libip6t_standard.c | 1 + extensions/libip6t_tcp.c | 1 + extensions/libip6t_udp.c | 1 + extensions/libipt_BALANCE.c | 1 + extensions/libipt_DNAT.c | 1 + extensions/libipt_FTOS.c | 1 + extensions/libipt_LOG.c | 1 + extensions/libipt_MARK.c | 1 + extensions/libipt_MASQUERADE.c | 1 + extensions/libipt_MIRROR.c | 1 + extensions/libipt_NETLINK.c | 1 + extensions/libipt_NETMAP.c | 1 + extensions/libipt_POOL.c | 1 + extensions/libipt_REDIRECT.c | 1 + extensions/libipt_REJECT.c | 1 + extensions/libipt_SAME.c | 1 + extensions/libipt_SNAT.c | 1 + extensions/libipt_TCPMSS.c | 1 + extensions/libipt_TOS.c | 2 ++ extensions/libipt_TTL.c | 1 + extensions/libipt_ULOG.c | 1 + extensions/libipt_ah.c | 1 + extensions/libipt_connlimit.c | 1 + extensions/libipt_esp.c | 1 + extensions/libipt_icmp.c | 1 + extensions/libipt_ipv4options.c | 1 + extensions/libipt_length.c | 1 + extensions/libipt_limit.c | 1 + extensions/libipt_mac.c | 1 + extensions/libipt_mark.c | 1 + extensions/libipt_multiport.c | 1 + extensions/libipt_owner.c | 1 + extensions/libipt_pkttype.c | 1 + extensions/libipt_pool.c | 1 + extensions/libipt_psd.c | 1 + extensions/libipt_record_rpc.c | 1 + extensions/libipt_standard.c | 1 + extensions/libipt_state.c | 1 + extensions/libipt_string.c | 1 + extensions/libipt_tcp.c | 1 + extensions/libipt_tcpmss.c | 1 + extensions/libipt_time.c | 1 + 
extensions/libipt_tos.c | 2 ++ extensions/libipt_ttl.c | 1 + extensions/libipt_udp.c | 1 + extensions/libipt_unclean.c | 1 + include/ip6tables.h | 6 ++++++ include/iptables.h | 6 ++++++ include/iptables_common.h | 7 +++++++ ip6tables-restore.c | 4 ++++ ip6tables-save.c | 4 ++++ ip6tables-standalone.c | 4 ++++ ip6tables.c | 18 ++++++++++++++++ iptables-restore.c | 6 +++++- iptables-save.c | 4 ++++ iptables-standalone.c | 4 ++++ iptables.c | 18 ++++++++++++++++ 70 files changed, 228 insertions(+), 21 deletions(-) diff --git a/INSTALL b/INSTALL index 738dd99..59fe5ef 100644 --- a/INSTALL +++ b/INSTALL @@ -17,16 +17,16 @@ That's it! ================================================================ FEELING BRAVE? -1) If you want to try some extensions, you can do the following: +1) The netfilter core team is maintaining a set of extensions / new + features which are not yet committed to the mainstream kernel tree. + +If you want to try some extensions, you can do the following: % make patch-o-matic KERNEL_DIR=<> -This offers you a collection of maybe-broken maybe-cool third-part +This offers you a collection of maybe-broken maybe-cool third-party extensions. It will modify you kernel source (so back it up first!). - -2) If you want to test out `iptables-save' and `iptables-restore', you -can use - % make experimental - % make install-experimental +Most of them will require you to recompile / rebuild your kernel and +modules. ================================================================ PROBLEMS YOU MAY ENCOUNTER: 
@@ -42,6 +42,12 @@ PROBLEMS YOU MAY ENCOUNTER: % make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man # make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man install +4) If you want to build a statically linked version of the iptables binary, + without the need for loading the plugins at runtime (e.g. for an embedded + device or router-on-a-disk), please use + + % make NO_SHARED_LIBS=1 + NOTE: make sure you build with at least the correct LIBDIR= specification, otherwise iptables(8) won't know where to find the dynamic objects. diff --git a/Makefile b/Makefile index 5446177..238c34a 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,9 @@ # Standard part of Makefile for topdir. TOPLEVEL_INCLUDED=YES +# uncomment this to get a fully statically linked version +# NO_SHARED_LIBS = 1 + ifndef KERNEL_DIR KERNEL_DIR=/usr/src/linux endif @@ -25,8 +28,24 @@ endif COPT_FLAGS:=-O2 -DNDEBUG CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g #-pg +ifdef NO_SHARED_LIBS +CFLAGS += -DNO_SHARED_LIBS=1 +endif + +ifndef NO_SHARED_LIBS DEPFILES = $(SHARED_LIBS:%.so=%.d) SH_CFLAGS:=$(CFLAGS) -fPIC +STATIC_LIBS = +STATIC6_LIBS = +LDFLAGS = -rdynamic +LDLIBS = -ldl +else +DEPFILES = $(EXT_OBJS:%.o=%.d) +STATIC_LIBS = extensions/libext.a +STATIC6_LIBS = extensions/libext6.a +LDFLAGS = +LDLIBS = +endif EXTRAS+=iptables iptables.o EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables $(DESTDIR)$(MANDIR)/man8/iptables.8 
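Review bot: The `NO_SHARED_LIBS` branch added to the top-level Makefile sets `LDFLAGS =` and `LDLIBS =` to empty and never passes `-static`, so the extensions are compiled in but the binaries are presumably still linked dynamically against libc. The comment added at the top of the file ("fully statically linked version") overstates that; I would reword it to `# uncomment this to build the extensions into the binaries instead of loading them at runtime`. Because `ifdef` is true for any non-empty value, `make NO_SHARED_LIBS=0` also selects this branch, which deserves a one-line comment next to the variable.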
@@ -72,22 +91,22 @@ pending-patches: iptables.o: iptables.c $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $< -iptables: iptables-standalone.c iptables.o libiptc/libiptc.a - $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl +iptables: iptables-standalone.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a + $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) $(DESTDIR)$(BINDIR)/iptables: iptables @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) cp $< $@ -iptables-save: iptables-save.c iptables.o libiptc/libiptc.a - $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl +iptables-save: iptables-save.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a + $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) $(DESTDIR)$(BINDIR)/iptables-save: iptables-save @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) cp $< $@ -iptables-restore: iptables-restore.c iptables.o libiptc/libiptc.a - $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl +iptables-restore: iptables-restore.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a + $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) $(DESTDIR)$(BINDIR)/iptables-restore: iptables-restore @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) 
@@ -96,22 +115,22 @@ $(DESTDIR)$(BINDIR)/iptables-restore: iptables-restore ip6tables.o: ip6tables.c $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $< -ip6tables: ip6tables-standalone.c ip6tables.o libiptc/libiptc.a - $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl +ip6tables: ip6tables-standalone.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a + $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ $(LD_LIBS) $(DESTDIR)$(BINDIR)/ip6tables: ip6tables @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) cp $< $@ -ip6tables-save: ip6tables-save.c ip6tables.o libiptc/libiptc.a - $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl +ip6tables-save: ip6tables-save.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a + $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ $(LD_LIBS) $(DESTDIR)$(BINDIR)/ip6tables-save: ip6tables-save @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) cp $< $@ -ip6tables-restore: ip6tables-restore.c ip6tables.o libiptc/libiptc.a - $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ -ldl +ip6tables-restore: ip6tables-restore.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a + $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -rdynamic -o $@ $^ $(LD_LIBS) $(DESTDIR)$(BINDIR)/ip6tables-restore: ip6tables-restore @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) diff --git a/Rules.make b/Rules.make index 7c84143..8c04caf 100644 --- a/Rules.make +++ b/Rules.make @@ -7,6 +7,7 @@ experimental: $(EXTRAS_EXP) # Have to handle extensions which no longer exist. clean: $(EXTRA_CLEANS) rm -f $(SHARED_LIBS) $(EXTRAS) $(EXTRAS_EXP) $(SHARED_LIBS:%.so=%_sh.o) + rm -f extensions/initext.c extensions/initext6.c @find . -name '*.[ao]' -o -name '*.so' | xargs rm -f install: all $(EXTRA_INSTALLS) diff --git a/extensions/Makefile b/extensions/Makefile index d7b6173..e420aeb 100644 --- a/extensions/Makefile +++ b/extensions/Makefile 
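Review bot: The three ip6tables link rules (`ip6tables`, `ip6tables-save`, `ip6tables-restore`) reference `$(LD_LIBS)`, but the variable defined earlier in this Makefile is `LDLIBS`, so it expands to nothing and the default shared build loses `-ldl`. They also keep a hard-coded `-rdynamic` where the iptables rules in the previous hunk use `$(LDFLAGS)`, so the empty `LDFLAGS` of the static branch is not honoured for the IPv6 binaries. Each recipe should read `$(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)`.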
@@ -16,6 +16,7 @@ PF6_EXT_SLIB+=$(PF6_EXT_SLIB_OPTS) OPTIONALS+=$(patsubst %,IPv4:%,$(PF_EXT_SLIB_OPTS)) OPTIONALS+=$(patsubst %,IPv6:%,$(PF6_EXT_SLIB_OPTS)) +ifndef NO_SHARED_LIBS SHARED_LIBS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) @@ -23,12 +24,57 @@ ifdef DO_IPV6 SHARED_LIBS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) endif +else # NO_SHARED_LIBS +EXT_OBJS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).o) +EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T)) +EXT_OBJS+= extensions/initext.o +EXT6_OBJS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).o) +EXT6_FUNC+=$(foreach T,$(PF6_EXT_SLIB),ip6t_$(T)) +EXT6_OBJS+= extensions/initext6.o +endif ifndef TOPLEVEL_INCLUDED local: cd .. && $(MAKE) $(SHARED_LIBS) endif +ifdef NO_SHARED_LIBS +extensions/libext.a: $(EXT_OBJS) + rm -f $@; ar crv $@ $(EXT_OBJS) + +extensions/libext6.a: $(EXT6_OBJS) + rm -f $@; ar crv $@ $(EXT6_OBJS) + +extensions/initext.o: extensions/initext.c +extensions/initext6.o: extensions/initext6.c + +extensions/initext.c: extensions/Makefile + echo "" > $@ + for i in $(EXT_FUNC); do \ + echo "extern void $${i}_init(void);" >> $@; \ + done + echo "void init_extensions(void) {" >> $@ + for i in $(EXT_FUNC); do \ + echo " $${i}_init();" >> $@; \ + done + echo "}" >> $@ + +extensions/initext6.c: extensions/Makefile + echo "" > $@ + for i in $(EXT6_FUNC); do \ + echo "extern void $${i}_init(void);" >> $@; \ + done + echo "void init_extensions(void) {" >> $@ + for i in $(EXT6_FUNC); do \ + echo " $${i}_init();" >> $@; \ + done + echo "}" >> $@ + +extensions/lib%.o: extensions/lib%.c + $(CC) $(CFLAGS) -D_INIT=$*_init -c -o $@ $< + +endif + $(DESTDIR)$(LIBDIR)/iptables/libipt_%.so: extensions/libipt_%.so @[ -d $(DESTDIR)$(LIBDIR)/iptables ] || mkdir -p $(DESTDIR)$(LIBDIR)/iptables cp $< $@ 
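Review bot: `extensions/initext.c` and `extensions/initext6.c` list only `extensions/Makefile` as a prerequisite, yet their content is generated from `$(EXT_FUNC)` and `$(EXT6_FUNC)`, which also carry the optional extensions from `PF_EXT_SLIB_OPTS` / `PF6_EXT_SLIB_OPTS`. If that optional set changes without the Makefile being touched (presumably after the kernel tree is patched), the stale file is kept and `init_extensions()` either misses an extension or references an `_init` symbol that is no longer built. I would document this above the two rules, e.g. `# initext*.c are generated from $(EXT_FUNC); run 'make clean' after the extension set changes`. The `EXT6_*` assignments in the `else` branch are also not wrapped in the `ifdef DO_IPV6` guard that the shared branch uses, which looks unintended.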
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c index 6800315..ef39c98 100644 --- a/extensions/libip6t_LOG.c +++ b/extensions/libip6t_LOG.c @@ -239,6 +239,7 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target) printf("--log-ip-options "); } +static struct ip6tables_target log = { NULL, "LOG", diff --git a/extensions/libip6t_MARK.c b/extensions/libip6t_MARK.c index efbb4ec..6d2b103 100644 --- a/extensions/libip6t_MARK.c +++ b/extensions/libip6t_MARK.c @@ -100,6 +100,7 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target) printf("--set-mark 0x%lx ", markinfo->mark); } +static struct ip6tables_target mark = { NULL, "MARK", diff --git a/extensions/libip6t_agr.c b/extensions/libip6t_agr.c index 676f9e6..888fc2c 100644 --- a/extensions/libip6t_agr.c +++ b/extensions/libip6t_agr.c @@ -65,6 +65,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match /* printf("--agr "); */ } +static struct ip6tables_match agr = { NULL, "agr", diff --git a/extensions/libip6t_icmpv6.c b/extensions/libip6t_icmpv6.c index 1b801d2..67302eb 100644 --- a/extensions/libip6t_icmpv6.c +++ b/extensions/libip6t_icmpv6.c @@ -258,7 +258,7 @@ static void final_check(unsigned int flags) { } -struct ip6tables_match icmpv6 +static struct ip6tables_match icmpv6 = { NULL, "icmpv6", NETFILTER_VERSION, diff --git a/extensions/libip6t_limit.c b/extensions/libip6t_limit.c index cd267ef..837b0fe 100644 --- a/extensions/libip6t_limit.c +++ b/extensions/libip6t_limit.c @@ -176,6 +176,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match printf("--limit-burst %u ", r->burst); } +static struct ip6tables_match limit = { NULL, "limit", diff --git a/extensions/libip6t_mac.c b/extensions/libip6t_mac.c index 283c486..e4c4345 100644 --- a/extensions/libip6t_mac.c +++ b/extensions/libip6t_mac.c 
@@ -124,6 +124,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match ((struct ip6t_mac_info *)match->data)->invert); } +static struct ip6tables_match mac = { NULL, "mac", diff --git a/extensions/libip6t_mark.c b/extensions/libip6t_mark.c index e4ed932..b344bb6 100644 --- a/extensions/libip6t_mark.c +++ b/extensions/libip6t_mark.c @@ -108,6 +108,7 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match) ((struct ip6t_mark_info *)match->data)->invert, 0); } +static struct ip6tables_match mark = { NULL, "mark", diff --git a/extensions/libip6t_multiport.c b/extensions/libip6t_multiport.c index d58bbb9..16bbcf8 100644 --- a/extensions/libip6t_multiport.c +++ b/extensions/libip6t_multiport.c @@ -242,6 +242,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match printf(" "); } +static struct ip6tables_match multiport = { NULL, "multiport", diff --git a/extensions/libip6t_owner.c b/extensions/libip6t_owner.c index 7648d65..4eed251 100644 --- a/extensions/libip6t_owner.c +++ b/extensions/libip6t_owner.c @@ -199,6 +199,7 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match) print_item(info, IP6T_OWNER_SID, 0, "--sid-owner "); } +static struct ip6tables_match owner = { NULL, "owner", diff --git a/extensions/libip6t_standard.c b/extensions/libip6t_standard.c index 1ffb1d7..7941448 100644 --- a/extensions/libip6t_standard.c +++ b/extensions/libip6t_standard.c @@ -47,6 +47,7 @@ save(const struct ip6t_ip6 *ip6, const struct ip6t_entry_target *target) { } +static struct ip6tables_target standard = { NULL, "standard", diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c index dd515f0..f03f072 100644 --- a/extensions/libip6t_tcp.c +++ b/extensions/libip6t_tcp.c @@ -420,6 +420,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match } } +static struct ip6tables_match tcp = { NULL, "tcp", 
diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c index ac03616..441c814 100644 --- a/extensions/libip6t_udp.c +++ b/extensions/libip6t_udp.c @@ -231,6 +231,7 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match } } +static struct ip6tables_match udp = { NULL, "udp", diff --git a/extensions/libipt_BALANCE.c b/extensions/libipt_BALANCE.c index abbf1b6..75f4cda 100644 --- a/extensions/libipt_BALANCE.c +++ b/extensions/libipt_BALANCE.c @@ -131,6 +131,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) printf("-%s ", addr_to_dotted(&a)); } +static struct iptables_target balance = { NULL, "BALANCE", diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index 8ae9a62..3e466ae 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -224,6 +224,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) } } +static struct iptables_target dnat = { NULL, "DNAT", diff --git a/extensions/libipt_FTOS.c b/extensions/libipt_FTOS.c index 48f88ec..b9a5d69 100644 --- a/extensions/libipt_FTOS.c +++ b/extensions/libipt_FTOS.c @@ -110,6 +110,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) printf("--set-ftos 0x%02x ", finfo->ftos); } +static struct iptables_target ftos = { NULL, "FTOS", diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index 9f41853..f71f4bf 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -239,6 +239,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) printf("--log-ip-options "); } +static struct iptables_target log = { NULL, "LOG", diff --git a/extensions/libipt_MARK.c b/extensions/libipt_MARK.c index ef7d733..6d4c41e 100644 --- a/extensions/libipt_MARK.c +++ b/extensions/libipt_MARK.c @@ -100,6 +100,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) printf("--set-mark 0x%lx ", markinfo->mark); } +static struct iptables_target mark = { NULL, "MARK", 
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c index 2159016..0eecba5 100644 --- a/extensions/libipt_MASQUERADE.c +++ b/extensions/libipt_MASQUERADE.c @@ -146,6 +146,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) } } +static struct iptables_target masq = { NULL, "MASQUERADE", diff --git a/extensions/libipt_MIRROR.c b/extensions/libipt_MIRROR.c index b4d9a07..632e954 100644 --- a/extensions/libipt_MIRROR.c +++ b/extensions/libipt_MIRROR.c @@ -41,6 +41,7 @@ final_check(unsigned int flags) { } +static struct iptables_target mirror = { NULL, "MIRROR", diff --git a/extensions/libipt_NETLINK.c b/extensions/libipt_NETLINK.c index 3faf928..104e642 100644 --- a/extensions/libipt_NETLINK.c +++ b/extensions/libipt_NETLINK.c @@ -136,6 +136,7 @@ print(const struct ipt_ip *ip, printf("nlsize %i ", nld->size); } +static struct iptables_target netlink = { NULL, "NETLINK", NETFILTER_VERSION, diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index 7d5ad04..947ca8d 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -179,6 +179,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) print(ip, target, 0); } +static struct iptables_target target_module = { NULL, MODULENAME, diff --git a/extensions/libipt_POOL.c b/extensions/libipt_POOL.c index 12d9572..6269771 100644 --- a/extensions/libipt_POOL.c +++ b/extensions/libipt_POOL.c @@ -130,6 +130,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) } } +static struct iptables_target ipt_pool_target = { NULL, "POOL", diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index 3119a70..02afacf 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -147,6 +147,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) } } +static struct iptables_target redir = { NULL, "REDIRECT", 
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c index 956805a..eb81341 100644 --- a/extensions/libipt_REJECT.c +++ b/extensions/libipt_REJECT.c @@ -155,6 +155,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_target *target) printf("--reject-with %s ", reject_table[i].name); } +static struct iptables_target reject = { NULL, "REJECT", diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c index 84bc3c5..4e7ef37 100644 --- a/extensions/libipt_SAME.c +++ b/extensions/libipt_SAME.c @@ -165,6 +165,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) printf("--nodst "); } +static struct iptables_target same = { NULL, "SAME", diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 83f4ce9..1af0d5e 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -224,6 +224,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) } } +static struct iptables_target snat = { NULL, "SNAT", diff --git a/extensions/libipt_TCPMSS.c b/extensions/libipt_TCPMSS.c index d14f0c0..ebc10a7 100644 --- a/extensions/libipt_TCPMSS.c +++ b/extensions/libipt_TCPMSS.c @@ -113,6 +113,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) printf("--set-mss %u ", mssinfo->mss); } +static struct iptables_target mss = { NULL, "TCPMSS", diff --git a/extensions/libipt_TOS.c b/extensions/libipt_TOS.c index 9feba06..0e54a08 100644 --- a/extensions/libipt_TOS.c +++ b/extensions/libipt_TOS.c @@ -14,6 +14,7 @@ struct tosinfo { }; /* TOS names and values. */ +static struct TOS_value { unsigned char TOS; @@ -152,6 +153,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) printf("--set-tos 0x%02x ", tosinfo->tos); } +static struct iptables_target tos = { NULL, "TOS", diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c index 985b914..b04289a 100644 --- a/extensions/libipt_TTL.c +++ b/extensions/libipt_TTL.c 
@@ -143,6 +143,7 @@ static struct option opts[] = { { 0 } }; +static struct iptables_target TTL = { NULL, "TTL", NETFILTER_VERSION, diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c index 9d4bad8..5de8ee0 100644 --- a/extensions/libipt_ULOG.c +++ b/extensions/libipt_ULOG.c @@ -187,6 +187,7 @@ print(const struct ipt_ip *ip, printf("queue_threshold %d ", loginfo->qthreshold); } +static struct iptables_target ulog = { NULL, "ULOG", NETFILTER_VERSION, diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c index e779fa5..0473760 100644 --- a/extensions/libipt_ah.c +++ b/extensions/libipt_ah.c @@ -169,6 +169,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) } +static struct iptables_match ah = { NULL, "ah", diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c index 19928ac..a11cf14 100644 --- a/extensions/libipt_connlimit.c +++ b/extensions/libipt_connlimit.c @@ -113,6 +113,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) printf("--iplimit-mask %d ",count_bits(info->mask)); } +static static struct iptables_match iplimit = { name: "iplimit", version: NETFILTER_VERSION, diff --git a/extensions/libipt_esp.c b/extensions/libipt_esp.c index d60c2a6..07d2515 100644 --- a/extensions/libipt_esp.c +++ b/extensions/libipt_esp.c @@ -169,6 +169,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) } +static struct iptables_match esp = { NULL, "esp", diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index a8b6bd1..8d2d85d 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -273,6 +273,7 @@ static void final_check(unsigned int flags) { } +static struct iptables_match icmp = { NULL, "icmp", diff --git a/extensions/libipt_ipv4options.c b/extensions/libipt_ipv4options.c index 89ca9fc..e99c96c 100644 --- a/extensions/libipt_ipv4options.c +++ b/extensions/libipt_ipv4options.c 
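Review bot: In extensions/libipt_connlimit.c the added `static` lands in front of a declaration that already begins with `static`, so the new side reads `static static struct iptables_match iplimit`, which a C compiler rejects as a duplicate storage-class specifier. The other extension hunks in this commit have the `struct` keyword on its own line with no storage class, which is presumably why the same one-line edit was applied here without checking. The added line should simply be dropped from this file.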
@@ -253,6 +253,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match) printf(" "); } +static struct iptables_match ipv4options_struct = { NULL, "ipv4options", diff --git a/extensions/libipt_length.c b/extensions/libipt_length.c index ee2af94..00326c4 100644 --- a/extensions/libipt_length.c +++ b/extensions/libipt_length.c @@ -139,6 +139,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match) print_length((struct ipt_length_info *)match->data); } +static struct iptables_match length = { NULL, "length", diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c index 9aaf842..edbc1cb 100644 --- a/extensions/libipt_limit.c +++ b/extensions/libipt_limit.c @@ -176,6 +176,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) printf("--limit-burst %u ", r->burst); } +static struct iptables_match limit = { NULL, "limit", diff --git a/extensions/libipt_mac.c b/extensions/libipt_mac.c index 6d61d60..1b088a8 100644 --- a/extensions/libipt_mac.c +++ b/extensions/libipt_mac.c @@ -124,6 +124,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) ((struct ipt_mac_info *)match->data)->invert); } +static struct iptables_match mac = { NULL, "mac", diff --git a/extensions/libipt_mark.c b/extensions/libipt_mark.c index aced547..001635a 100644 --- a/extensions/libipt_mark.c +++ b/extensions/libipt_mark.c @@ -108,6 +108,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match) ((struct ipt_mark_info *)match->data)->invert, 0); } +static struct iptables_match mark = { NULL, "mark", diff --git a/extensions/libipt_multiport.c b/extensions/libipt_multiport.c index 6eb5bdf..58cf18c 100644 --- a/extensions/libipt_multiport.c +++ b/extensions/libipt_multiport.c @@ -242,6 +242,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) printf(" "); } +static struct iptables_match multiport = { NULL, "multiport", 
diff --git a/extensions/libipt_owner.c b/extensions/libipt_owner.c index 233cd0b..953eb59 100644 --- a/extensions/libipt_owner.c +++ b/extensions/libipt_owner.c @@ -199,6 +199,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match) print_item(info, IPT_OWNER_SID, 0, "--sid-owner "); } +static struct iptables_match owner = { NULL, "owner", diff --git a/extensions/libipt_pkttype.c b/extensions/libipt_pkttype.c index f05a231..04a43db 100644 --- a/extensions/libipt_pkttype.c +++ b/extensions/libipt_pkttype.c @@ -153,6 +153,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) print_pkttype(info); } +static struct iptables_match pkttype = { NULL, "pkttype", diff --git a/extensions/libipt_pool.c b/extensions/libipt_pool.c index 23e2922..3fec463 100644 --- a/extensions/libipt_pool.c +++ b/extensions/libipt_pool.c @@ -122,6 +122,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) ip_pool_get_name(buf, sizeof(buf), info->dst, 0)); } +static struct iptables_match pool = { NULL, "pool", diff --git a/extensions/libipt_psd.c b/extensions/libipt_psd.c index d5bb87e..21b9fb8 100644 --- a/extensions/libipt_psd.c +++ b/extensions/libipt_psd.c @@ -174,6 +174,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match) printf("--psd-hi-ports-weight %u ",psdinfo->hi_ports_weight); } +static struct iptables_match psd = { NULL, "psd", diff --git a/extensions/libipt_record_rpc.c b/extensions/libipt_record_rpc.c index f0c86ba..c40df40 100644 --- a/extensions/libipt_record_rpc.c +++ b/extensions/libipt_record_rpc.c @@ -52,6 +52,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) { } +static struct iptables_match record_rpc = { NULL, "record_rpc", diff --git a/extensions/libipt_standard.c b/extensions/libipt_standard.c index 22db24b..c5faf18 100644 --- a/extensions/libipt_standard.c +++ b/extensions/libipt_standard.c 
@@ -47,6 +47,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target) { } +static struct iptables_target standard = { NULL, "standard", diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c index d21ccf1..25bc2a2 100644 --- a/extensions/libipt_state.c +++ b/extensions/libipt_state.c @@ -142,6 +142,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) print_state(sinfo->statemask); } +static struct iptables_match state = { NULL, "state", diff --git a/extensions/libipt_string.c b/extensions/libipt_string.c index 279f9be..b9f38d7 100644 --- a/extensions/libipt_string.c +++ b/extensions/libipt_string.c @@ -113,6 +113,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match) ((struct ipt_string_info *)match->data)->invert, 0); } +static struct iptables_match string = { NULL, "string", diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c index 1b0a37a..7f17252 100644 --- a/extensions/libipt_tcp.c +++ b/extensions/libipt_tcp.c @@ -423,6 +423,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) } } +static struct iptables_match tcp = { NULL, "tcp", diff --git a/extensions/libipt_tcpmss.c b/extensions/libipt_tcpmss.c index 6cf4211..92e0539 100644 --- a/extensions/libipt_tcpmss.c +++ b/extensions/libipt_tcpmss.c @@ -140,6 +140,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match) mssinfo->invert, 0); } +static struct iptables_match tcpmss = { NULL, "tcpmss", diff --git a/extensions/libipt_time.c b/extensions/libipt_time.c index 10b3788..9d1e559 100644 --- a/extensions/libipt_time.c +++ b/extensions/libipt_time.c @@ -288,6 +288,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match) printf(" "); } +static struct iptables_match timestruct = { NULL, "time", diff --git a/extensions/libipt_tos.c b/extensions/libipt_tos.c index f1d3b2a..a1ef4e6 100644 --- a/extensions/libipt_tos.c +++ b/extensions/libipt_tos.c 
@@ -9,6 +9,7 @@ #include /* TOS names and values. */ +static struct TOS_value { unsigned char TOS; @@ -151,6 +152,7 @@ save(const struct ipt_ip *ip, const struct ipt_entry_match *match) ((struct ipt_tos_info *)match->data)->invert, 0); } +static struct iptables_match tos = { NULL, "tos", diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c index 060b240..f1ca31c 100644 --- a/extensions/libipt_ttl.c +++ b/extensions/libipt_ttl.c @@ -155,6 +155,7 @@ static struct option opts[] = { { 0 } }; +static struct iptables_match ttl = { NULL, "ttl", diff --git a/extensions/libipt_udp.c b/extensions/libipt_udp.c index 9b18d18..3db35b1 100644 --- a/extensions/libipt_udp.c +++ b/extensions/libipt_udp.c @@ -231,6 +231,7 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) } } +static struct iptables_match udp = { NULL, "udp", diff --git a/extensions/libipt_unclean.c b/extensions/libipt_unclean.c index b954e36..5e842e9 100644 --- a/extensions/libipt_unclean.c +++ b/extensions/libipt_unclean.c @@ -41,6 +41,7 @@ static void final_check(unsigned int flags) { } +static struct iptables_match unclean = { NULL, "unclean", diff --git a/include/ip6tables.h b/include/ip6tables.h index 9ac3835..ca388f7 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -51,6 +51,9 @@ struct ip6tables_match struct ip6t_entry_match *m; unsigned int mflags; unsigned int used; +#ifdef NO_SHARED_LIBS + unsigned int loaded; /* simulate loading so options are merged properly */ +#endif }; struct ip6tables_target @@ -98,6 +101,9 @@ struct ip6tables_target struct ip6t_entry_target *t; unsigned int tflags; unsigned int used; +#ifdef NO_SHARED_LIBS + unsigned int loaded; /* simulate loading so options are merged properly */ +#endif }; /* Your shared library should call one of these. */ diff --git a/include/iptables.h b/include/iptables.h index 719db54..ac2a6b3 100644 --- a/include/iptables.h +++ b/include/iptables.h 
@@ -51,6 +51,9 @@ struct iptables_match struct ipt_entry_match *m; unsigned int mflags; unsigned int used; +#ifdef NO_SHARED_LIBS + unsigned int loaded; /* simulate loading so options are merged properly */ +#endif }; struct iptables_target @@ -98,6 +101,9 @@ struct iptables_target struct ipt_entry_target *t; unsigned int tflags; unsigned int used; +#ifdef NO_SHARED_LIBS + unsigned int loaded; /* simulate loading so options are merged properly */ +#endif }; /* Your shared library should call one of these. */ diff --git a/include/iptables_common.h b/include/iptables_common.h index dff849e..12b5797 100644 --- a/include/iptables_common.h +++ b/include/iptables_common.h @@ -19,4 +19,11 @@ void exit_error(enum exittype, char *, ...)__attribute__((noreturn, format(printf,2,3))); extern const char *program_name, *program_version; +#ifdef NO_SHARED_LIBS +# ifdef _INIT +# define _init _INIT +# endif + extern void init_extensions(void); +#endif + #endif /*_IPTABLES_COMMON_H*/ diff --git a/ip6tables-restore.c b/ip6tables-restore.c index f7a94f2..40804ee 100644 --- a/ip6tables-restore.c +++ b/ip6tables-restore.c @@ -93,6 +93,10 @@ int main(int argc, char *argv[]) program_name = "ip6tables-restore"; program_version = NETFILTER_VERSION; +#ifdef NO_SHARED_LIBS + init_extensions(); +#endif + while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) { switch (c) { case 'b': diff --git a/ip6tables-save.c b/ip6tables-save.c index c18bda2..772f786 100644 --- a/ip6tables-save.c +++ b/ip6tables-save.c @@ -314,6 +314,10 @@ int main(int argc, char *argv[]) program_name = "ip6tables-save"; program_version = NETFILTER_VERSION; +#ifdef NO_SHARED_LIBS + init_extensions(); +#endif + while ((c = getopt_long(argc, argv, "bc", options, NULL)) != -1) { switch (c) { case 'b': diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c index 1120590..f0145ce 100644 --- a/ip6tables-standalone.c +++ b/ip6tables-standalone.c 
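Review bot: The `# define _init _INIT` block added to include/iptables_common.h carries no comment, although it is the least obvious part of the static build: it renames every extension's `_init` to the per-object name supplied by the `-D_INIT=$*_init` pattern rule in extensions/Makefile. I would add above it `/* Static build: each extension's _init() becomes <ext>_init (see -D_INIT in extensions/Makefile) and is called from the generated init_extensions(). */`. The `loaded` members added under `#ifdef NO_SHARED_LIBS` in iptables.h and ip6tables.h change the struct layout, so their comments should also say that objects built with and without the flag must not be mixed.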
@@ -39,6 +39,10 @@ main(int argc, char *argv[]) program_name = "ip6tables"; program_version = NETFILTER_VERSION; +#ifdef NO_SHARED_LIBS + init_extensions(); +#endif + ret = do_command6(argc, argv, &table, &handle); if (ret) ret = ip6tc_commit(&handle); diff --git a/ip6tables.c b/ip6tables.c index 2160950..2d13f3a 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -684,6 +684,7 @@ find_match(const char *name, enum ip6t_tryload tryload) break; } +#ifndef NO_SHARED_LIBS if (!ptr && tryload != DONT_LOAD) { char path[sizeof(IP6T_LIB_DIR) + sizeof("/libip6t_.so") + strlen(name)]; @@ -701,6 +702,14 @@ find_match(const char *name, enum ip6t_tryload tryload) exit_error(PARAMETER_PROBLEM, "Couldn't load match `%s'\n", name); } +#else + if (ptr && !ptr->loaded) { + if (tryload != DONT_LOAD) + ptr->loaded = 1; + else + ptr = NULL; + } +#endif if (ptr) ptr->used = 1; @@ -881,6 +890,7 @@ find_target(const char *name, enum ip6t_tryload tryload) break; } +#ifndef NO_SHARED_LIBS if (!ptr && tryload != DONT_LOAD) { char path[sizeof(IP6T_LIB_DIR) + sizeof("/libip6t_.so") + strlen(name)]; @@ -898,6 +908,14 @@ find_target(const char *name, enum ip6t_tryload tryload) "Couldn't load target `%s'%s\n", name, dlerror()); } +#else + if (ptr && !ptr->loaded) { + if (tryload != DONT_LOAD) + ptr->loaded = 1; + else + ptr = NULL; + } +#endif if (ptr) ptr->used = 1; diff --git a/iptables-restore.c b/iptables-restore.c index b6bcb7b..2f4d876 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -4,7 +4,7 @@ * * This coude is distributed under the terms of GNU GPL * - * $Id: iptables-restore.c,v 1.12 2001/05/26 04:41:56 laforge Exp $ + * $Id: iptables-restore.c,v 1.13 2001/06/16 18:25:25 laforge Exp $ */ #include @@ -109,6 +109,10 @@ int main(int argc, char *argv[]) program_name = "iptables-restore"; program_version = NETFILTER_VERSION; +#ifdef NO_SHARED_LIBS + init_extensions(); +#endif + while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) { switch (c) { case 'b': 
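Review bot: The `#else` branch added to `find_match` in ip6tables.c returns NULL with no diagnostic when the name is not among the compiled-in extensions, whereas the runtime-loading branch it replaces ends in `exit_error(PARAMETER_PROBLEM, "Couldn't load match ...")`. The callers lie outside these hunks, but any that requests a mandatory load and then uses the result unchecked would presumably crash on a mistyped `-m` name in a static build instead of printing an error. I would add after the `loaded` block `if (!ptr && tryload == LOAD_MUST_SUCCEED) exit_error(PARAMETER_PROBLEM, "Couldn't find match '%s'\n", name);`. The same gap is in `find_target` in this file and in both functions in iptables.c.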
diff --git a/iptables-save.c b/iptables-save.c index 6039714..aa3b69a 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -306,6 +306,10 @@ int main(int argc, char *argv[]) program_name = "iptables-save"; program_version = NETFILTER_VERSION; +#ifdef NO_SHARED_LIBS + init_extensions(); +#endif + while ((c = getopt_long(argc, argv, "bc", options, NULL)) != -1) { switch (c) { case 'b': diff --git a/iptables-standalone.c b/iptables-standalone.c index b891e97..791f950 100644 --- a/iptables-standalone.c +++ b/iptables-standalone.c @@ -40,6 +40,10 @@ main(int argc, char *argv[]) program_name = "iptables"; program_version = NETFILTER_VERSION; +#ifdef NO_SHARED_LIBS + init_extensions(); +#endif + ret = do_command(argc, argv, &table, &handle); if (ret) ret = iptc_commit(&handle); diff --git a/iptables.c b/iptables.c index 55420ab..7f4c892 100644 --- a/iptables.c +++ b/iptables.c @@ -649,6 +649,7 @@ find_match(const char *name, enum ipt_tryload tryload) break; } +#ifndef NO_SHARED_LIBS if (!ptr && tryload != DONT_LOAD) { char path[sizeof(IPT_LIB_DIR) + sizeof("/libipt_.so") + strlen(name)]; @@ -667,6 +668,14 @@ find_match(const char *name, enum ipt_tryload tryload) "Couldn't load match `%s':%s\n", name, dlerror()); } +#else + if (ptr && !ptr->loaded) { + if (tryload != DONT_LOAD) + ptr->loaded = 1; + else + ptr = NULL; + } +#endif if (ptr) ptr->used = 1; @@ -904,6 +913,7 @@ find_target(const char *name, enum ipt_tryload tryload) break; } +#ifndef NO_SHARED_LIBS if (!ptr && tryload != DONT_LOAD) { char path[sizeof(IPT_LIB_DIR) + sizeof("/libipt_.so") + strlen(name)]; @@ -921,6 +931,14 @@ find_target(const char *name, enum ipt_tryload tryload) "Couldn't load target `%s':%s\n", name, dlerror()); } +#else + if (ptr && !ptr->loaded) { + if (tryload != DONT_LOAD) + ptr->loaded = 1; + else + ptr = NULL; + } +#endif if (ptr) ptr->used = 1; -- cgit v1.2.3