From ec934198bd6ee2f21171dba440ca96334b0d874b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 10 Feb 2009 09:54:04 +0100 Subject: libxtables: recognize IP6TABLES_LIB_DIR old-style environment variable Commit v1.4.3-rc1-47-g300e290 tried to consolidate the environment variable presence checking code into xtables.c, but missed adding IP6TABLES_LIB_DIR to libxtables. Signed-off-by: Jan Engelhardt --- xtables.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/xtables.c b/xtables.c index 6c954754..c8988893 100644 --- a/xtables.c +++ b/xtables.c @@ -110,6 +110,19 @@ void xtables_init(void) "use XTABLES_LIBDIR.\n"); return; } + /* + * Well yes, IP6TABLES_LIB_DIR is of lower priority over + * IPTABLES_LIB_DIR since this moved to libxtables; I think that is ok + * for these env vars are deprecated anyhow, and in light of the + * (shared) libxt_*.so files, makes less sense to have + * IPTABLES_LIB_DIR != IP6TABLES_LIB_DIR. + */ + xtables_libdir = getenv("IP6TABLES_LIB_DIR"); + if (xtables_libdir != NULL) { + fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated, " + "use XTABLES_LIBDIR.\n"); + return; + } xtables_libdir = XTABLES_LIBDIR; } -- cgit v1.2.3 From 5c3e0767764bb7fa1db61ac326e8359161380e21 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 10 Feb 2009 10:20:19 +0100 Subject: build: move -ldl to proper LDADD libxtables uses dlopen, so *it* has to use -ldl, not the main program. Signed-off-by: Jan Engelhardt --- Makefile.am | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 0ffb9785..23489762 100644 --- a/Makefile.am +++ b/Makefile.am @@ -15,11 +15,12 @@ libiptc_libiptc_a_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c lib_LTLIBRARIES = libxtables.la libxtables_la_SOURCES = xtables.c libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage} +libxtables_la_LIBADD = -ldl # iptables, dynamic iptables_SOURCES = iptables-standalone.c iptables.c iptables_LDFLAGS = -rdynamic -iptables_LDADD = -ldl -lm libiptc/libiptc.a extensions/libext4.a libxtables.la +iptables_LDADD = -lm libiptc/libiptc.a extensions/libext4.a libxtables.la iptables_multi_SOURCES = iptables-multi.c iptables-save.c \ iptables-restore.c iptables-xml.c \ @@ -46,7 +47,7 @@ iptables_xml_SOURCES = iptables-xml.c # ip6tables, dynamic ip6tables_SOURCES = ip6tables-standalone.c ip6tables.c ip6tables_LDFLAGS = -rdynamic -ip6tables_LDADD = -ldl -lm libiptc/libiptc.a extensions/libext6.a libxtables.la +ip6tables_LDADD = -lm libiptc/libiptc.a extensions/libext6.a libxtables.la ip6tables_multi_SOURCES = ip6tables-multi.c ip6tables-save.c \ ip6tables-restore.c ip6tables-standalone.c \ -- cgit v1.2.3 From b6601f3a4f65d0956dd829b63c503875b10d5c74 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 10 Feb 2009 10:25:08 +0100 Subject: libxtables: remove unused XT_LIB_DIR macro Signed-off-by: Jan Engelhardt --- include/xtables/internal.h.in | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/xtables/internal.h.in b/include/xtables/internal.h.in index 81ddb48a..5e34694a 100644 --- a/include/xtables/internal.h.in +++ b/include/xtables/internal.h.in @@ -3,10 +3,6 @@ #define IPTABLES_VERSION "@PACKAGE_VERSION@" -#ifndef XT_LIB_DIR -# define XT_LIB_DIR "/usr/local/lib/iptables" -#endif - /** * Program's own name and version. */ -- cgit v1.2.3 From c02e80878979d2205f3d89d05548397871e598e9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 10 Feb 2009 10:40:15 +0100 Subject: libxtables: decouple non-xtables parts from header Signed-off-by: Jan Engelhardt --- .gitignore | 2 +- Makefile.am | 2 +- configure.ac | 2 +- include/ip6tables.h | 1 + include/iptables.h | 1 + include/iptables/internal.h.in | 11 +++++++++++ include/xtables.h.in | 7 ++++++- include/xtables/internal.h.in | 13 ------------- 8 files changed, 22 insertions(+), 17 deletions(-) create mode 100644 include/iptables/internal.h.in delete mode 100644 include/xtables/internal.h.in diff --git a/.gitignore b/.gitignore index 116de2c3..97c30045 100644 --- a/.gitignore +++ b/.gitignore @@ -18,7 +18,7 @@ Makefile.in /extensions/targets?.man /include/xtables.h -/include/xtables/internal.h +/include/iptables/internal.h /aclocal.m4 /autom4te*.cache diff --git a/Makefile.am b/Makefile.am index 23489762..0e247176 100644 --- a/Makefile.am +++ b/Makefile.am @@ -105,7 +105,7 @@ tarball: tar -C /tmp -cjf ${PACKAGE_TARNAME}-${PACKAGE_VERSION}.tar.bz2 --owner=root --group=root ${PACKAGE_TARNAME}-${PACKAGE_VERSION}/; rm -Rf /tmp/${PACKAGE_TARNAME}-${PACKAGE_VERSION}; -config.status: include/xtables.h.in +config.status: include/xtables.h.in include/iptables/internal.h.in # ldconfig may fail when we are not root (as is the case in build systems) # so add appropriate protection that it does not let `make` fail. diff --git a/configure.ac b/configure.ac index bb32130c..888ba429 100644 --- a/configure.ac +++ b/configure.ac @@ -79,5 +79,5 @@ libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage)); AC_SUBST([libxtables_vmajor]) AC_CONFIG_FILES([Makefile extensions/GNUmakefile libipq/Makefile - include/xtables.h include/xtables/internal.h xtables.pc]) + include/xtables.h include/iptables/internal.h xtables.pc]) AC_OUTPUT diff --git a/include/ip6tables.h b/include/ip6tables.h index 1956cf06..663da9ca 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -4,6 +4,7 @@ #include #include #include +#include #ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */ #define IP6T_SO_GET_REVISION_MATCH 68 diff --git a/include/iptables.h b/include/iptables.h index f7ae0cc5..ee769a58 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -4,6 +4,7 @@ #include #include #include +#include #ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */ #define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) diff --git a/include/iptables/internal.h.in b/include/iptables/internal.h.in new file mode 100644 index 00000000..849e1722 --- /dev/null +++ b/include/iptables/internal.h.in @@ -0,0 +1,11 @@ +#ifndef IPTABLES_INTERNAL_H +#define IPTABLES_INTERNAL_H 1 + +#define IPTABLES_VERSION "@PACKAGE_VERSION@" + +/** + * Program's own name and version. + */ +extern const char *program_name, *program_version; + +#endif /* IPTABLES_INTERNAL_H */ diff --git a/include/xtables.h.in b/include/xtables.h.in index 02750fb9..1455e9cd 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -258,10 +258,15 @@ extern const struct xtables_pprot xtables_chain_protos[]; extern u_int16_t xtables_parse_protocol(const char *s); #ifdef XTABLES_INTERNAL + +/* Shipped modules rely on this... */ + # ifndef ARRAY_SIZE # define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) # endif -# include + +extern void _init(void); + #endif #endif /* _XTABLES_H */ diff --git a/include/xtables/internal.h.in b/include/xtables/internal.h.in deleted file mode 100644 index 5e34694a..00000000 --- a/include/xtables/internal.h.in +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef _XTABLES_INTERNAL_H -#define _XTABLES_INTERNAL_H 1 - -#define IPTABLES_VERSION "@PACKAGE_VERSION@" - -/** - * Program's own name and version. - */ -extern const char *program_name, *program_version; - -extern void _init(void); - -#endif /* _XTABLES_INTERNAL_H */ -- cgit v1.2.3 From 395e441e20ea9ab7f37122bcfd76fec527fa447b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 10 Feb 2009 10:43:08 +0100 Subject: src: remove iptables_rule_match indirection macro Signed-off-by: Jan Engelhardt --- include/ip6tables.h | 1 - include/iptables.h | 1 - ip6tables.c | 24 ++++++++++++------------ iptables.c | 24 ++++++++++++------------ 4 files changed, 24 insertions(+), 26 deletions(-) diff --git a/include/ip6tables.h b/include/ip6tables.h index 663da9ca..52e290c7 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -11,7 +11,6 @@ #define IP6T_SO_GET_REVISION_TARGET 69 #endif /* IP6T_SO_GET_REVISION_MATCH Old kernel source */ -#define ip6tables_rule_match xtables_rule_match #define ip6t_tryload xt_tryload extern int line; diff --git a/include/iptables.h b/include/iptables.h index ee769a58..74b244ed 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -11,7 +11,6 @@ #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) #endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */ -#define iptables_rule_match xtables_rule_match #define ipt_tryload xt_tryload extern int line; diff --git a/ip6tables.c b/ip6tables.c index 233974f2..7fff4924 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -239,9 +239,9 @@ exit_tryhelp(int status) } static void -exit_printhelp(struct ip6tables_rule_match *matches) +exit_printhelp(struct xtables_rule_match *matches) { - struct ip6tables_rule_match *matchp = NULL; + struct xtables_rule_match *matchp = NULL; struct xtables_target *t = NULL; printf("%s v%s\n\n" @@ -426,7 +426,7 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds, /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ static struct xtables_match * find_proto(const char *pname, enum xtables_tryload tryload, - int nolookup, struct ip6tables_rule_match **matches) + int nolookup, struct xtables_rule_match **matches) { unsigned int proto; @@ -839,11 +839,11 @@ insert_entry(const ip6t_chainlabel chain, } static unsigned char * -make_delete_mask(struct ip6t_entry *fw, struct ip6tables_rule_match *matches) +make_delete_mask(struct ip6t_entry *fw, struct xtables_rule_match *matches) { /* Establish mask for comparison */ unsigned int size; - struct ip6tables_rule_match *matchp; + struct xtables_rule_match *matchp; unsigned char *mask, *mptr; size = sizeof(struct ip6t_entry); @@ -880,7 +880,7 @@ delete_entry(const ip6t_chainlabel chain, const struct in6_addr daddrs[], int verbose, struct ip6tc_handle *handle, - struct ip6tables_rule_match *matches) + struct xtables_rule_match *matches) { unsigned int i, j; int ret = 1; @@ -1271,11 +1271,11 @@ list_rules(const ip6t_chainlabel chain, int rulenum, int counters, static struct ip6t_entry * generate_entry(const struct ip6t_entry *fw, - struct ip6tables_rule_match *matches, + struct xtables_rule_match *matches, struct ip6t_entry_target *target) { unsigned int size; - struct ip6tables_rule_match *matchp; + struct xtables_rule_match *matchp; struct ip6t_entry *e; size = sizeof(struct ip6t_entry); @@ -1297,9 +1297,9 @@ generate_entry(const struct ip6t_entry *fw, return e; } -static void clear_rule_matches(struct ip6tables_rule_match **matches) +static void clear_rule_matches(struct xtables_rule_match **matches) { - struct ip6tables_rule_match *matchp, *tmp; + struct xtables_rule_match *matchp, *tmp; for (matchp = *matches; matchp;) { tmp = matchp->next; @@ -1342,8 +1342,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand const char *pcnt = NULL, *bcnt = NULL; int ret = 1; struct xtables_match *m; - struct ip6tables_rule_match *matches = NULL; - struct ip6tables_rule_match *matchp; + struct xtables_rule_match *matches = NULL; + struct xtables_rule_match *matchp; struct xtables_target *target = NULL; struct xtables_target *t; const char *jumpto = ""; diff --git a/iptables.c b/iptables.c index f1a5d33e..b0638232 100644 --- a/iptables.c +++ b/iptables.c @@ -250,9 +250,9 @@ exit_tryhelp(int status) } static void -exit_printhelp(struct iptables_rule_match *matches) +exit_printhelp(struct xtables_rule_match *matches) { - struct iptables_rule_match *matchp = NULL; + struct xtables_rule_match *matchp = NULL; struct xtables_target *t = NULL; printf("%s v%s\n\n" @@ -437,7 +437,7 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds, /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ static struct xtables_match * find_proto(const char *pname, enum xtables_tryload tryload, - int nolookup, struct iptables_rule_match **matches) + int nolookup, struct xtables_rule_match **matches) { unsigned int proto; @@ -841,11 +841,11 @@ insert_entry(const ipt_chainlabel chain, } static unsigned char * -make_delete_mask(struct ipt_entry *fw, struct iptables_rule_match *matches) +make_delete_mask(struct ipt_entry *fw, struct xtables_rule_match *matches) { /* Establish mask for comparison */ unsigned int size; - struct iptables_rule_match *matchp; + struct xtables_rule_match *matchp; unsigned char *mask, *mptr; size = sizeof(struct ipt_entry); @@ -882,7 +882,7 @@ delete_entry(const ipt_chainlabel chain, const struct in_addr daddrs[], int verbose, struct iptc_handle *handle, - struct iptables_rule_match *matches) + struct xtables_rule_match *matches) { unsigned int i, j; int ret = 1; @@ -1279,11 +1279,11 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters, static struct ipt_entry * generate_entry(const struct ipt_entry *fw, - struct iptables_rule_match *matches, + struct xtables_rule_match *matches, struct ipt_entry_target *target) { unsigned int size; - struct iptables_rule_match *matchp; + struct xtables_rule_match *matchp; struct ipt_entry *e; size = sizeof(struct ipt_entry); @@ -1305,9 +1305,9 @@ generate_entry(const struct ipt_entry *fw, return e; } -static void clear_rule_matches(struct iptables_rule_match **matches) +static void clear_rule_matches(struct xtables_rule_match **matches) { - struct iptables_rule_match *matchp, *tmp; + struct xtables_rule_match *matchp, *tmp; for (matchp = *matches; matchp;) { tmp = matchp->next; @@ -1364,8 +1364,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle const char *pcnt = NULL, *bcnt = NULL; int ret = 1; struct xtables_match *m; - struct iptables_rule_match *matches = NULL; - struct iptables_rule_match *matchp; + struct xtables_rule_match *matches = NULL; + struct xtables_rule_match *matchp; struct xtables_target *target = NULL; struct xtables_target *t; const char *jumpto = ""; -- cgit v1.2.3 From ea955480a8ae43aa956ac62e1aab3f9670529819 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 10 Feb 2009 10:43:42 +0100 Subject: src: remove unused ipt_tryload macro Signed-off-by: Jan Engelhardt --- include/ip6tables.h | 2 -- include/iptables.h | 2 -- 2 files changed, 4 deletions(-) diff --git a/include/ip6tables.h b/include/ip6tables.h index 52e290c7..b8478d40 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -11,8 +11,6 @@ #define IP6T_SO_GET_REVISION_TARGET 69 #endif /* IP6T_SO_GET_REVISION_MATCH Old kernel source */ -#define ip6t_tryload xt_tryload - extern int line; /* Your shared library should call one of these. */ diff --git a/include/iptables.h b/include/iptables.h index 74b244ed..963905aa 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -11,8 +11,6 @@ #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) #endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */ -#define ipt_tryload xt_tryload - extern int line; /* Your shared library should call one of these. */ -- cgit v1.2.3 From c31870f9bebb3d4d082016fcfaf8c2177ae32eb2 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 10 Feb 2009 10:48:28 +0100 Subject: libxtables: move compat defines to xtables.c Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users got moved. Signed-off-by: Jan Engelhardt --- include/ip6tables.h | 5 ----- include/iptables.h | 5 ----- xtables.c | 9 +++++++++ 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/include/ip6tables.h b/include/ip6tables.h index b8478d40..98f2da5c 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -6,11 +6,6 @@ #include #include -#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */ -#define IP6T_SO_GET_REVISION_MATCH 68 -#define IP6T_SO_GET_REVISION_TARGET 69 -#endif /* IP6T_SO_GET_REVISION_MATCH Old kernel source */ - extern int line; /* Your shared library should call one of these. */ diff --git a/include/iptables.h b/include/iptables.h index 963905aa..d309059e 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -6,11 +6,6 @@ #include #include -#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */ -#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) -#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) -#endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */ - extern int line; /* Your shared library should call one of these. */ diff --git a/xtables.c b/xtables.c index c8988893..3c89a9d1 100644 --- a/xtables.c +++ b/xtables.c @@ -39,6 +39,15 @@ #ifndef NO_SHARED_LIBS #include #endif +#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */ +# define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) +# define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) +#endif +#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */ +# define IP6T_SO_GET_REVISION_MATCH 68 +# define IP6T_SO_GET_REVISION_TARGET 69 +#endif + #define NPROTO 255 -- cgit v1.2.3 From 47a6fd9ec9891a8040eb8fd6db3c5012c1056061 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 10 Feb 2009 10:51:25 +0100 Subject: src: consolidate duplicate code in iptables/internal.h Signed-off-by: Jan Engelhardt --- include/ip6tables.h | 2 -- include/iptables.h | 2 -- include/iptables/internal.h.in | 2 ++ 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/ip6tables.h b/include/ip6tables.h index 98f2da5c..86587e6f 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -6,8 +6,6 @@ #include #include -extern int line; - /* Your shared library should call one of these. */ extern int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **handle); diff --git a/include/iptables.h b/include/iptables.h index d309059e..f0aa3455 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -6,8 +6,6 @@ #include #include -extern int line; - /* Your shared library should call one of these. */ extern int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle); diff --git a/include/iptables/internal.h.in b/include/iptables/internal.h.in index 849e1722..8568e581 100644 --- a/include/iptables/internal.h.in +++ b/include/iptables/internal.h.in @@ -8,4 +8,6 @@ */ extern const char *program_name, *program_version; +extern int line; + #endif /* IPTABLES_INTERNAL_H */ -- cgit v1.2.3