diff options
| -rw-r--r-- | Makefile | 12 | ||||
| -rw-r--r-- | extensions/libipt_REDIRECT.c | 2 | ||||
| -rw-r--r-- | extensions/libipt_limit.c | 2 | ||||
| -rw-r--r-- | include/libiptc/libiptc.h | 23 | ||||
| -rw-r--r-- | libiptc/libiptc.c | 69 | 
5 files changed, 27 insertions, 81 deletions
| @@ -4,15 +4,15 @@ TOPLEVEL_INCLUDED=YES  ifndef KERNEL_DIR  KERNEL_DIR=/usr/src/linux  endif -NETFILTER_VERSION:=1.0.0 -OLD_NETFILTER_VERSION:=1.0.0beta +NETFILTER_VERSION:=1.0.1 +OLD_NETFILTER_VERSION:=1.0.0  LIBDIR:=/usr/local/lib  BINDIR:=/usr/local/bin  MANDIR:=/usr/local/man -COPT_FLAGS:=-O2 -CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -Iinclude/ -I$(KERNEL_DIR)/include -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g -pg +COPT_FLAGS:=-O #-O2 +CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -Iinclude/ -I$(KERNEL_DIR)/include -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" -g #-pg # -DNDEBUG  DEPFILES := $(SHARED_LIBS:%.so=%.d)  SH_CFLAGS:=$(CFLAGS) -fPIC @@ -68,8 +68,10 @@ distrib: check nowhitespace distclean delrelease /home/public/netfilter/iptables  # Makefile must not define:  # -g -pg +# And must define -NDEBUG  check: -	@if echo $(CFLAGS) | egrep 'DEBUG|-g|-pg' >/dev/null; then echo Remove debugging flags; exit 1; else exit 0; fi +	@if echo $(CFLAGS) | egrep -e '-g|-pg' >/dev/null; then echo Remove debugging flags; exit 1; else exit 0; fi +	@if echo $(CFLAGS) | egrep -e NDEBUG >/dev/null; then exit 0; else echo Define -DNDEBUG; exit 1; fi  nowhitespace:  	@if grep -n ' 	$$' `find . -name 'Makefile' -o -name '*.[ch]'`; then exit 1; else exit 0; fi diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index 32b8c6f0..dd702430 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -121,8 +121,8 @@ print(const struct ipt_ip *ip,  		= (struct ip_nat_multi_range *)target->data;  	struct ip_nat_range *r = &mr->range[0]; -	printf("REDIRECT ");  	if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { +		printf("redir ports ");  		printf("%hu", ntohs(r->min.tcp.port));  		if (r->max.tcp.port != r->min.tcp.port)  			printf("-%hu", ntohs(r->max.tcp.port)); diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c index 24875ef0..e7dda7bc 100644 --- a/extensions/libipt_limit.c +++ b/extensions/libipt_limit.c @@ -8,7 +8,7 @@  #include <stdlib.h>  #include <getopt.h>  #include <iptables.h> -#include <linux/stddef.h> +#include <stddef.h>  #include <linux/netfilter_ipv4/ip_tables.h>  #include <linux/netfilter_ipv4/ipt_limit.h> diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h index 0a491071..9058cffc 100644 --- a/include/libiptc/libiptc.h +++ b/include/libiptc/libiptc.h @@ -26,21 +26,20 @@ int iptc_is_chain(const char *chain, const iptc_handle_t handle);  /* Take a snapshot of the rules.  Returns NULL on error. */  iptc_handle_t iptc_init(const char *tablename); -/* Iterator functions to run through the chains; prev = NULL means -   first chain.  Returns NULL at end. */ -const char *iptc_next_chain(const char *prev, iptc_handle_t *handle); +/* Iterator functions to run through the chains.  Returns NULL at end. */ +const char *iptc_first_chain(iptc_handle_t *handle); +const char *iptc_next_chain(iptc_handle_t *handle); -/* How many rules in this chain? */ -unsigned int iptc_num_rules(const char *chain, iptc_handle_t *handle); +/* Get first rule in the given chain: NULL for empty chain. */ +const struct ipt_entry *iptc_first_rule(const char *chain, +					iptc_handle_t *handle); -/* Get n'th rule in this chain. */ -const struct ipt_entry *iptc_get_rule(const char *chain, -				      unsigned int n, -				      iptc_handle_t *handle); +/* Returns NULL when rules run out. */ +const struct ipt_entry *iptc_next_rule(const struct ipt_entry *prev, +				       iptc_handle_t *handle); -/* Returns a pointer to the target name of this position. */ -const char *iptc_get_target(const char *chain, -			    unsigned int n, +/* Returns a pointer to the target name of this entry. */ +const char *iptc_get_target(const struct ipt_entry *e,  			    iptc_handle_t *handle);  /* Is this a built-in chain? */ diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index 6c7f563e..fee3a042 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -119,7 +119,7 @@ set_changed(iptc_handle_t h)  #ifndef NDEBUG  static void do_check(iptc_handle_t h, unsigned int line); -#define CHECK(h) do_check((h), __LINE__) +#define CHECK(h) do { if (!getenv("IPTC_NO_CHECK")) do_check((h), __LINE__); } while(0)  #else  #define CHECK(h)  #endif @@ -459,14 +459,12 @@ add_chain(struct ipt_entry *e, iptc_handle_t h, struct ipt_entry **prev)  	return 0;  } -  static int alphasort(const void *a, const void *b)  {  	return strcmp(((struct chain_cache *)a)->name,  		      ((struct chain_cache *)b)->name);  } -  static int populate_cache(iptc_handle_t h)  {  	unsigned int i; @@ -493,7 +491,6 @@ static int populate_cache(iptc_handle_t h)  	IPT_ENTRY_ITERATE(h->entries.entries, h->entries.size,  			  add_chain, h, &prev); -	/* Sort users by alphabetical: */  	qsort(h->cache_chain_heads + h->cache_num_builtins,  	      h->cache_num_chains - h->cache_num_builtins,  	      sizeof(struct chain_cache), alphasort); @@ -505,48 +502,24 @@ static int populate_cache(iptc_handle_t h)  static struct chain_cache *  find_label(const char *name, iptc_handle_t handle)  { -	unsigned int start, end; +	unsigned int i;  	if (handle->cache_chain_heads == NULL  	    && !populate_cache(handle))  		return NULL; -	/* Linear search through builtins, then binary */ -	for (start = 0; start < handle->cache_num_builtins; start++) { -		if (strcmp(handle->cache_chain_heads[start].name, name) == 0) -			return &handle->cache_chain_heads[start]; +	/* FIXME: Linear search through builtins, then binary --RR */ +	for (i = 0; i < handle->cache_num_chains; i++) { +		if (strcmp(handle->cache_chain_heads[i].name, name) == 0) +			return &handle->cache_chain_heads[i];  	} -	/* Binary search. */ -	end = handle->cache_num_chains - 1; -	while (start < end) { -		struct chain_cache *mid; -		int res; - -		mid = &handle->cache_chain_heads[(start + end) / 2]; - -		res = strcmp(name, mid->name); -		if (res == 0) { -			 return mid; -		} else if (res > 0) -			start = (start + end + 1) / 2; -		else -			end = (start + end) / 2; -	} -	if (strcmp(name, handle->cache_chain_heads[start].name) == 0) -		return &handle->cache_chain_heads[start]; -	else -		return NULL; +	return NULL;  }  /* Does this chain exist? */  int iptc_is_chain(const char *chain, const iptc_handle_t handle)  { -	/* avoid infinite recursion */ -#if 0 -	CHECK(handle); -#endif -  	return find_label(chain, handle) != NULL;  } @@ -591,8 +564,6 @@ get_chain_end(const iptc_handle_t handle, unsigned int start)  const char *  iptc_first_chain(iptc_handle_t *handle)  { -	CHECK(*handle); -  	if ((*handle)->cache_chain_heads == NULL  	    && !populate_cache(*handle))  		return NULL; @@ -732,7 +703,6 @@ target_name(iptc_handle_t handle, const struct ipt_entry *ce)  const char *iptc_get_target(const struct ipt_entry *e,  			    iptc_handle_t *handle)  { -	CHECK(*handle);  	return target_name(*handle, e);  } @@ -761,7 +731,6 @@ iptc_get_policy(const char *chain,  	struct ipt_entry *e;  	int hook; -	CHECK(*handle);  	hook = iptc_builtin(chain, *handle);  	if (hook != 0)  		start = (*handle)->info.hook_entry[hook-1]; @@ -1024,7 +993,6 @@ iptc_insert_entry(const ipt_chainlabel chain,  	struct chain_cache *c;  	int ret; -	CHECK(*handle);  	iptc_fn = iptc_insert_entry;  	if (!(c = find_label(chain, *handle))) {  		errno = ENOENT; @@ -1047,7 +1015,6 @@ iptc_insert_entry(const ipt_chainlabel chain,  	ret = insert_rules(1, e->next_offset, e, offset,  			   chainindex + rulenum, rulenum == 0, handle);  	unmap_target((struct ipt_entry *)e, &old); -	CHECK(*handle);  	return ret;  } @@ -1063,7 +1030,6 @@ iptc_replace_entry(const ipt_chainlabel chain,  	struct chain_cache *c;  	int ret; -	CHECK(*handle);  	iptc_fn = iptc_replace_entry;  	if (!(c = find_label(chain, *handle))) { @@ -1086,12 +1052,10 @@ iptc_replace_entry(const ipt_chainlabel chain,  	if (!map_target(*handle, (struct ipt_entry *)e, offset, &old))  		return 0; -	CHECK(*handle);  	ret = insert_rules(1, e->next_offset, e, offset,  			   chainindex + rulenum, 1, handle);  	unmap_target((struct ipt_entry *)e, &old); -	CHECK(*handle);  	return ret;  } @@ -1106,7 +1070,6 @@ iptc_append_entry(const ipt_chainlabel chain,  	struct ipt_entry_target old;  	int ret; -	CHECK(*handle);  	iptc_fn = iptc_append_entry;  	if (!(c = find_label(chain, *handle))) {  		errno = ENOENT; @@ -1122,7 +1085,6 @@ iptc_append_entry(const ipt_chainlabel chain,  			   entry2index(*handle, c->end),  			   0, handle);  	unmap_target((struct ipt_entry *)e, &old); -	CHECK(*handle);  	return ret;  } @@ -1233,7 +1195,6 @@ iptc_delete_entry(const ipt_chainlabel chain,  	struct chain_cache *c;  	struct ipt_entry *e, *fw; -	CHECK(*handle);  	iptc_fn = iptc_delete_entry;  	if (!(c = find_label(chain, *handle))) {  		errno = ENOENT; @@ -1270,7 +1231,6 @@ iptc_delete_entry(const ipt_chainlabel chain,  					   offset, entry2index(*handle, e),  					   handle);  			free(fw); -			CHECK(*handle);  			return ret;  		}  	} @@ -1291,7 +1251,6 @@ iptc_delete_num_entry(const ipt_chainlabel chain,  	struct ipt_entry *e;  	struct chain_cache *c; -	CHECK(*handle);  	iptc_fn = iptc_delete_num_entry;  	if (!(c = find_label(chain, *handle))) {  		errno = ENOENT; @@ -1313,7 +1272,6 @@ iptc_delete_num_entry(const ipt_chainlabel chain,  	ret = delete_rules(1, e->next_offset, entry2offset(*handle, e),  			   index, handle); -	CHECK(*handle);  	return ret;  } @@ -1336,7 +1294,6 @@ iptc_flush_entries(const ipt_chainlabel chain, iptc_handle_t *handle)  	struct chain_cache *c;  	int ret; -	CHECK(*handle);  	iptc_fn = iptc_flush_entries;  	if (!(c = find_label(chain, *handle))) {  		errno = ENOENT; @@ -1349,7 +1306,6 @@ iptc_flush_entries(const ipt_chainlabel chain, iptc_handle_t *handle)  			   (char *)c->end - (char *)c->start,  			   entry2offset(*handle, c->start), startindex,  			   handle); -	CHECK(*handle);  	return ret;  } @@ -1360,7 +1316,6 @@ iptc_zero_entries(const ipt_chainlabel chain, iptc_handle_t *handle)  	unsigned int i, end;  	struct chain_cache *c; -	CHECK(*handle);  	if (!(c = find_label(chain, *handle))) {  		errno = ENOENT;  		return 0; @@ -1375,7 +1330,6 @@ iptc_zero_entries(const ipt_chainlabel chain, iptc_handle_t *handle)  	}  	set_changed(*handle); -	CHECK(*handle);  	return 1;  } @@ -1393,7 +1347,6 @@ iptc_create_chain(const ipt_chainlabel chain, iptc_handle_t *handle)  		struct ipt_standard_target target;  	} newc; -	CHECK(*handle);  	iptc_fn = iptc_create_chain;  	/* find_label doesn't cover built-in targets: DROP, ACCEPT, @@ -1432,7 +1385,6 @@ iptc_create_chain(const ipt_chainlabel chain, iptc_handle_t *handle)  			   index2offset(*handle, (*handle)->new_number - 1),  			   (*handle)->new_number - 1,  			   0, handle); -	CHECK(*handle);  	return ret;  } @@ -1458,7 +1410,6 @@ iptc_get_references(unsigned int *ref, const ipt_chainlabel chain,  {  	struct chain_cache *c; -	CHECK(*handle);  	if (!(c = find_label(chain, *handle))) {  		errno = ENOENT;  		return 0; @@ -1480,7 +1431,6 @@ iptc_delete_chain(const ipt_chainlabel chain, iptc_handle_t *handle)  	struct chain_cache *c;  	int ret; -	CHECK(*handle);  	if (!iptc_get_references(&references, chain, handle))  		return 0; @@ -1514,7 +1464,6 @@ iptc_delete_chain(const ipt_chainlabel chain, iptc_handle_t *handle)  			   get_entry(*handle, labeloff)->next_offset  			   + c->start->next_offset,  			   labeloff, labelidx, handle); -	CHECK(*handle);  	return ret;  } @@ -1527,7 +1476,6 @@ int iptc_rename_chain(const ipt_chainlabel oldname,  	struct chain_cache *c;  	struct ipt_error_target *t; -	CHECK(*handle);  	iptc_fn = iptc_rename_chain;  	/* find_label doesn't cover built-in targets: DROP, ACCEPT @@ -1562,7 +1510,6 @@ int iptc_rename_chain(const ipt_chainlabel oldname,  	strcpy(t->error, newname);  	set_changed(*handle); -	CHECK(*handle);  	return 1;  } @@ -1577,7 +1524,6 @@ iptc_set_policy(const ipt_chainlabel chain,  	struct ipt_entry *e;  	struct ipt_standard_target *t; -	CHECK(*handle);  	iptc_fn = iptc_set_policy;  	/* Figure out which chain. */  	hook = iptc_builtin(chain, *handle); @@ -1609,7 +1555,6 @@ iptc_set_policy(const ipt_chainlabel chain,  		= ((struct counter_map){ COUNTER_MAP_NOMAP, 0 });  	set_changed(*handle); -	CHECK(*handle);  	return 1;  } | 
