Diffstat (limited to 'iptables/iptables.c')
-rw-r--r-- | iptables/iptables.c | 110 |
1 files changed, 55 insertions, 55 deletions
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 830ddbcb..03ac63b8 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -171,7 +171,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
 /* -n */ 0,
 /* -s */ IPT_INV_SRCIP,
 /* -d */ IPT_INV_DSTIP,
-/* -p */ IPT_INV_PROTO,
+/* -p */ XT_INV_PROTO,
 /* -j */ 0,
 /* -v */ 0,
 /* -x */ 0,
@@ -471,9 +471,9 @@ print_num(uint64_t number, unsigned int format)
 static void
-print_header(unsigned int format, const char *chain, struct iptc_handle *handle)
+print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
 {
- struct ipt_counters counters;
+ struct xt_counters counters;
 const char *pol = iptc_get_policy(chain, &counters, handle);
 printf("Chain %s", chain);
 if (pol) {
@@ -521,7 +521,7 @@ print_header(unsigned int format, const char *chain, struct iptc_handle *handle)
 static int
-print_match(const struct ipt_entry_match *m,
+print_match(const struct xt_entry_match *m,
 const struct ipt_ip *ip,
 int numeric)
 {
@@ -547,17 +547,17 @@ print_firewall(const struct ipt_entry *fw,
 const char *targname,
 unsigned int num,
 unsigned int format,
- struct iptc_handle *const handle)
+ struct xtc_handle *const handle)
 {
 const struct xtables_target *target = NULL;
- const struct ipt_entry_target *t;
+ const struct xt_entry_target *t;
 uint8_t flags;
 char buf[BUFSIZ];
 if (!iptc_is_chain(targname, handle))
 target = xtables_find_target(targname, XTF_TRY_LOAD);
 else
- target = xtables_find_target(IPT_STANDARD_TARGET,
+ target = xtables_find_target(XT_STANDARD_TARGET,
 XTF_LOAD_MUST_SUCCEED);
 t = ipt_get_target((struct ipt_entry *)fw);
@@ -574,7 +574,7 @@ print_firewall(const struct ipt_entry *fw,
 if (!(format & FMT_NOTARGET))
 printf(FMT("%-9s ", "%s "), targname);
- fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout);
+ fputc(fw->ip.invflags & XT_INV_PROTO ? '!' : ' ', stdout);
 {
 const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);
 if (pname)
@@ -669,16 +669,16 @@ print_firewall(const struct ipt_entry *fw,
 static void
 print_firewall_line(const struct ipt_entry *fw,
- struct iptc_handle *const h)
+ struct xtc_handle *const h)
 {
- struct ipt_entry_target *t;
+ struct xt_entry_target *t;
 t = ipt_get_target((struct ipt_entry *)fw);
 print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);
 }
 static int
-append_entry(const ipt_chainlabel chain,
+append_entry(const xt_chainlabel chain,
 struct ipt_entry *fw,
 unsigned int nsaddrs,
 const struct in_addr saddrs[],
@@ -687,7 +687,7 @@ append_entry(const ipt_chainlabel chain,
 const struct in_addr daddrs[],
 const struct in_addr dmasks[],
 int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
 {
 unsigned int i, j;
 int ret = 1;
@@ -708,13 +708,13 @@ append_entry(const ipt_chainlabel chain,
 }
 static int
-replace_entry(const ipt_chainlabel chain,
+replace_entry(const xt_chainlabel chain,
 struct ipt_entry *fw,
 unsigned int rulenum,
 const struct in_addr *saddr, const struct in_addr *smask,
 const struct in_addr *daddr, const struct in_addr *dmask,
 int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
 {
 fw->ip.src.s_addr = saddr->s_addr;
 fw->ip.dst.s_addr = daddr->s_addr;
@@ -727,7 +727,7 @@ replace_entry(const ipt_chainlabel chain,
 }
 static int
-insert_entry(const ipt_chainlabel chain,
+insert_entry(const xt_chainlabel chain,
 struct ipt_entry *fw,
 unsigned int rulenum,
 unsigned int nsaddrs,
@@ -737,7 +737,7 @@ insert_entry(const ipt_chainlabel chain,
 const struct in_addr daddrs[],
 const struct in_addr dmasks[],
 int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
 {
 unsigned int i, j;
 int ret = 1;
@@ -768,10 +768,10 @@ make_delete_mask(const struct xtables_rule_match *matches,
 size = sizeof(struct ipt_entry);
 for (matchp = matches; matchp; matchp = matchp->next)
- size += XT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
 mask = xtables_calloc(1, size
- + XT_ALIGN(sizeof(struct ipt_entry_target))
+ + XT_ALIGN(sizeof(struct xt_entry_target))
 + target->size);
 memset(mask, 0xFF, sizeof(struct ipt_entry));
@@ -779,20 +779,20 @@ make_delete_mask(const struct xtables_rule_match *matches,
 for (matchp = matches; matchp; matchp = matchp->next) {
 memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ipt_entry_match))
+ XT_ALIGN(sizeof(struct xt_entry_match))
 + matchp->match->userspacesize);
- mptr += XT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
 }
 memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ipt_entry_target))
+ XT_ALIGN(sizeof(struct xt_entry_target))
 + target->userspacesize);
 return mask;
 }
 static int
-delete_entry(const ipt_chainlabel chain,
+delete_entry(const xt_chainlabel chain,
 struct ipt_entry *fw,
 unsigned int nsaddrs,
 const struct in_addr saddrs[],
@@ -801,7 +801,7 @@ delete_entry(const ipt_chainlabel chain,
 const struct in_addr daddrs[],
 const struct in_addr dmasks[],
 int verbose,
- struct iptc_handle *handle,
+ struct xtc_handle *handle,
 struct xtables_rule_match *matches,
 const struct xtables_target *target)
 {
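Review bot: In make_delete_mask (the `@@ -768` and `@@ -779` hunks) the buffer is sized from `matchp->match->size` and `target->size`, while the memset calls on `mptr` fill `userspacesize` bytes per match and for the target, so the writes stay inside `mask` only if every extension reports `userspacesize <= size`. Nothing visible in these hunks checks that. I would state the assumption above the loop, for example `/* relies on userspacesize <= size for every match and for the target */`, or verify it before writing. The opening lines of the function are outside the hunks, so a check may already exist there.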
@@ -827,11 +827,11 @@ delete_entry(const ipt_chainlabel chain,
 }
 static int
-check_entry(const ipt_chainlabel chain, struct ipt_entry *fw,
+check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
 unsigned int nsaddrs, const struct in_addr *saddrs,
 const struct in_addr *smasks, unsigned int ndaddrs,
 const struct in_addr *daddrs, const struct in_addr *dmasks,
- bool verbose, struct iptc_handle *handle,
+ bool verbose, struct xtc_handle *handle,
 struct xtables_rule_match *matches,
 const struct xtables_target *target)
 {
@@ -857,8 +857,8 @@ check_entry(const ipt_chainlabel chain, struct ipt_entry *fw,
 }
 int
-for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
- int verbose, int builtinstoo, struct iptc_handle *handle)
+for_each_chain4(int (*fn)(const xt_chainlabel, int, struct xtc_handle *),
+ int verbose, int builtinstoo, struct xtc_handle *handle)
 {
 int ret = 1;
 const char *chain;
@@ -871,21 +871,21 @@ for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
 chain = iptc_next_chain(handle);
 }
- chains = xtables_malloc(sizeof(ipt_chainlabel) * chaincount);
+ chains = xtables_malloc(sizeof(xt_chainlabel) * chaincount);
 i = 0;
 chain = iptc_first_chain(handle);
 while (chain) {
- strcpy(chains + i*sizeof(ipt_chainlabel), chain);
+ strcpy(chains + i*sizeof(xt_chainlabel), chain);
 i++;
 chain = iptc_next_chain(handle);
 }
 for (i = 0; i < chaincount; i++) {
 if (!builtinstoo
- && iptc_builtin(chains + i*sizeof(ipt_chainlabel),
+ && iptc_builtin(chains + i*sizeof(xt_chainlabel),
 handle) == 1)
 continue;
- ret &= fn(chains + i*sizeof(ipt_chainlabel), verbose, handle);
+ ret &= fn(chains + i*sizeof(xt_chainlabel), verbose, handle);
 }
 free(chains);
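Review bot: In for_each_chain4 (the `@@ -871` hunk) the fill loop `while (chain)` writes one `xt_chainlabel`-sized slot per chain with `strcpy`, bounded neither by `chaincount` nor by the slot width. It stays inside `chains` only if the second walk returns as many chains as the counting pass and every name fits in `sizeof(xt_chainlabel)`. I would make both limits explicit with `while (chain && i < chaincount)` and `snprintf(chains + i*sizeof(xt_chainlabel), sizeof(xt_chainlabel), "%s", chain);`. The same kind of unbounded copy into a fixed-size name field appears as context in the command_match hunk, `strcpy(m->m->u.user.name, m->name);`. The function begins in the previous hunk and its return statement is outside this one.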
@@ -893,8 +893,8 @@ for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
 }
 int
-flush_entries4(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+flush_entries4(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
 {
 if (!chain)
 return for_each_chain4(flush_entries4, verbose, 1, handle);
@@ -905,8 +905,8 @@ flush_entries4(const ipt_chainlabel chain, int verbose,
 }
 static int
-zero_entries(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+zero_entries(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
 {
 if (!chain)
 return for_each_chain4(zero_entries, verbose, 1, handle);
@@ -917,8 +917,8 @@ zero_entries(const ipt_chainlabel chain, int verbose,
 }
 int
-delete_chain4(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+delete_chain4(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
 {
 if (!chain)
 return for_each_chain4(delete_chain4, verbose, 0, handle);
@@ -929,8 +929,8 @@ delete_chain4(const ipt_chainlabel chain, int verbose,
 }
 static int
-list_entries(const ipt_chainlabel chain, int rulenum, int verbose, int numeric,
- int expanded, int linenumbers, struct iptc_handle *handle)
+list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
+ int expanded, int linenumbers, struct xtc_handle *handle)
 {
 int found = 0;
 unsigned int format;
@@ -1041,7 +1041,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
 }
 }
-static int print_match_save(const struct ipt_entry_match *e,
+static int print_match_save(const struct xt_entry_match *e,
 const struct ipt_ip *ip)
 {
 const struct xtables_match *match =
@@ -1097,9 +1097,9 @@ static void print_ip(const char *prefix, uint32_t ip,
 /* We want this to be readable, so only print out neccessary fields.
 * Because that's the kind of world I want to live in. */
 void print_rule4(const struct ipt_entry *e,
- struct iptc_handle *h, const char *chain, int counters)
+ struct xtc_handle *h, const char *chain, int counters)
 {
- const struct ipt_entry_target *t;
+ const struct xt_entry_target *t;
 const char *target_name;
 /* print counters for iptables-save */
@@ -1122,7 +1122,7 @@ void print_rule4(const struct ipt_entry *e,
 print_iface('o', e->ip.outiface, e->ip.outiface_mask,
 e->ip.invflags & IPT_INV_VIA_OUT);
- print_proto(e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
+ print_proto(e->ip.proto, e->ip.invflags & XT_INV_PROTO);
 if (e->ip.flags & IPT_F_FRAG)
 printf("%s -f",
@@ -1161,11 +1161,11 @@ void print_rule4(const struct ipt_entry *e,
 if (target->save)
 target->save(&e->ip, t);
 else {
- /* If the target size is greater than ipt_entry_target
+ /* If the target size is greater than xt_entry_target
 * there is something to be saved, we just don't know
 * how to print it */
 if (t->u.target_size !=
- sizeof(struct ipt_entry_target)) {
+ sizeof(struct xt_entry_target)) {
 fprintf(stderr, "Target `%s' is missing "
 "save function\n",
 t->u.user.name);
@@ -1177,8 +1177,8 @@ void print_rule4(const struct ipt_entry *e,
 }
 static int
-list_rules(const ipt_chainlabel chain, int rulenum, int counters,
- struct iptc_handle *handle)
+list_rules(const xt_chainlabel chain, int rulenum, int counters,
+ struct xtc_handle *handle)
 {
 const char *this = NULL;
 int found = 0;
@@ -1195,7 +1195,7 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters,
 continue;
 if (iptc_builtin(this, handle)) {
- struct ipt_counters count;
+ struct xt_counters count;
 printf("-P %s %s", this, iptc_get_policy(this, &count, handle));
 if (counters)
 printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
@@ -1232,7 +1232,7 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters,
 static struct ipt_entry *
 generate_entry(const struct ipt_entry *fw,
 struct xtables_rule_match *matches,
- struct ipt_entry_target *target)
+ struct xt_entry_target *target)
 {
 unsigned int size;
 struct xtables_rule_match *matchp;
@@ -1290,7 +1290,7 @@ static void command_jump(struct iptables_command_state *cs)
 if (cs->target == NULL)
 return;
- size = XT_ALIGN(sizeof(struct ipt_entry_target))
+ size = XT_ALIGN(sizeof(struct xt_entry_target))
 + cs->target->size;
 cs->target->t = xtables_calloc(1, size);
@@ -1321,7 +1321,7 @@ static void command_match(struct iptables_command_state *cs)
 "unexpected ! flag before --match");
 m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches);
- size = XT_ALIGN(sizeof(struct ipt_entry_match)) + m->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
 m->m = xtables_calloc(1, size);
 m->m->u.match_size = size;
 strcpy(m->m->u.user.name, m->name);
@@ -1340,7 +1340,7 @@ static void command_match(struct iptables_command_state *cs)
 xtables_error(OTHER_PROBLEM, "can't alloc memory!");
 }
-int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handle)
+int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle)
 {
 struct iptables_command_state cs;
 struct ipt_entry *e = NULL;
@@ -1559,7 +1559,7 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
 cs.fw.ip.proto = xtables_parse_protocol(cs.protocol);
 if (cs.fw.ip.proto == 0
- && (cs.fw.ip.invflags & IPT_INV_PROTO))
+ && (cs.fw.ip.invflags & XT_INV_PROTO))
 xtables_error(PARAMETER_PROBLEM,
 "rule would never match protocol");
 break;
@@ -1837,10 +1837,10 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
 || iptc_is_chain(cs.jumpto, *handle))) {
 size_t size;
- cs.target = xtables_find_target(IPT_STANDARD_TARGET,
+ cs.target = xtables_find_target(XT_STANDARD_TARGET,
 XTF_LOAD_MUST_SUCCEED);
- size = sizeof(struct ipt_entry_target)
+ size = sizeof(struct xt_entry_target)
 + cs.target->size;
 cs.target->t = xtables_calloc(1, size);
 cs.target->t->u.target_size = size;
|
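Review bot: The standard-target size in this hunk is computed as `sizeof(struct xt_entry_target) + cs.target->size`, without the `XT_ALIGN()` that command_jump applies to the same expression in the `@@ -1290` hunk. Whether the two results differ depends on the struct layout, which is not visible here, but `size` feeds both the allocation and `u.target_size`, so the two paths should be written the same way: `size = XT_ALIGN(sizeof(struct xt_entry_target))` followed by the unchanged `+ cs.target->size;`. The enclosing do_command4 body starts and ends outside the hunk.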