From e917bca09924435f3fca23c01042543b1826c81e Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 18:14:21 +0100 Subject: extensions: use UINT_MAX constants over open-coded numbers (2/2) Use the handy constants for ranges. Signed-off-by: Jan Engelhardt --- iptables.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index b75df871..2b5a82ee 100644 --- a/iptables.c +++ b/iptables.c @@ -486,7 +486,7 @@ find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct ipt { unsigned int proto; - if (string_to_number(pname, 0, 255, &proto) != -1) { + if (string_to_number(pname, 0, UINT8_MAX, &proto) != -1) { char *protoname = proto_to_name(proto, nolookup); if (protoname) @@ -502,7 +502,7 @@ parse_protocol(const char *s) { unsigned int proto; - if (string_to_number(s, 0, 255, &proto) == -1) { + if (string_to_number(s, 0, UINT8_MAX, &proto) == -1) { struct protoent *pent; /* first deal with the special case of 'all' to prevent -- cgit v1.2.3 From 630ef48037f3602333addfdb53789c9c6a4bb4c8 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 14:58:41 +0100 Subject: libxtables: prefix/order - fw_xalloc It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try. This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings. Signed-off-by: Jan Engelhardt --- iptables.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index 2b5a82ee..8068cc80 100644 --- a/iptables.c +++ b/iptables.c 
@@ -932,7 +932,7 @@ make_delete_mask(struct ipt_entry *fw, struct iptables_rule_match *matches) for (matchp = matches; matchp; matchp = matchp->next) size += IPT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size; - mask = fw_calloc(1, size + mask = xtables_calloc(1, size + IPT_ALIGN(sizeof(struct ipt_entry_target)) + xtables_targets->size); @@ -998,7 +998,7 @@ for_each_chain(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *), chain = iptc_next_chain(handle); } - chains = fw_malloc(sizeof(ipt_chainlabel) * chaincount); + chains = xtables_malloc(sizeof(ipt_chainlabel) * chaincount); i = 0; chain = iptc_first_chain(handle); while (chain) { @@ -1370,7 +1370,7 @@ generate_entry(const struct ipt_entry *fw, for (matchp = matches; matchp; matchp = matchp->next) size += matchp->match->m->u.match_size; - e = fw_malloc(size + target->u.target_size); + e = xtables_malloc(size + target->u.target_size); *e = *fw; e->target_offset = size; e->next_offset = size + target->u.target_size; @@ -1679,7 +1679,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle size = IPT_ALIGN(sizeof(struct ipt_entry_target)) + target->size; - target->t = fw_calloc(1, size); + target->t = xtables_calloc(1, size); target->t->u.target_size = size; strcpy(target->t->u.user.name, jumpto); set_revision(target->t->u.user.name, @@ -1737,7 +1737,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle m = find_match(optarg, LOAD_MUST_SUCCEED, &matches); size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size; - m->m = fw_calloc(1, size); + m->m = xtables_calloc(1, size); m->m->u.match_size = size; strcpy(m->m->u.user.name, m->name); set_revision(m->m->u.user.name, m->revision); 
@@ -1891,7 +1891,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size; - m->m = fw_calloc(1, size); + m->m = xtables_calloc(1, size); m->m->u.match_size = size; strcpy(m->m->u.user.name, m->name); set_revision(m->m->u.user.name, @@ -2051,7 +2051,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle size = sizeof(struct ipt_entry_target) + target->size; - target->t = fw_calloc(1, size); + target->t = xtables_calloc(1, size); target->t->u.target_size = size; strcpy(target->t->u.user.name, jumpto); if (!iptc_is_chain(jumpto, *handle)) -- cgit v1.2.3 From c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaa Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 15:10:05 +0100 Subject: libxtables: prefix/order - modprobe and xtables.ko loading This change affects: load_xtables_ko -> xtables_load_ko modprobe_program -> xtables_modprobe_program Now uses bool for the "quiet" flag. Signed-off-by: Jan Engelhardt --- iptables.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index 8068cc80..75fe5831 100644 --- a/iptables.c +++ b/iptables.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -1786,7 +1787,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'M': - modprobe_program = optarg; + xtables_modprobe_program = optarg; break; case 'c': @@ -1996,7 +1997,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle *handle = iptc_init(*table); /* try to insmod the module if iptc_init failed */ - if (!*handle && load_xtables_ko(modprobe_program, 0) != -1) + if (!*handle && xtables_load_ko(xtables_modprobe_program, false) != -1) *handle = iptc_init(*table); if (!*handle) -- cgit v1.2.3 From 2338efd8f799d8373dc196c797bda9690283b698 Mon Sep 17 00:00:00 2001 
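Review bot: In the `case 'M':` hunk of do_command, `xtables_modprobe_program = optarg;` stores an unvalidated command-line string in what is now a library-wide global, and the hunk at -1996 passes it to `xtables_load_ko()` when `iptc_init()` fails. Presumably that helper runs the named program to load the module, so this value decides what is executed with the caller's privileges. A comment at the assignment would make that explicit, e.g. `/* path is taken verbatim from -M and handed to xtables_load_ko(); the pointer aliases argv */`. do_command starts and ends outside both hunks.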
From: Jan Engelhardt Date: Tue, 27 Jan 2009 15:23:01 +0100 Subject: libxtables: prefix/order - match/target loading This change affects: find_{match,target} -> xtables_find_{match,target} enum xt_tryload -> enum xtables_tryload loose flags like DONT_LOAD -> XTF_DONT_LOAD Signed-off-by: Jan Engelhardt --- iptables.c | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index 75fe5831..07ace197 100644 --- a/iptables.c +++ b/iptables.c @@ -483,7 +483,8 @@ check_inverse(const char option[], int *invert, int *my_optind, int argc) /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ static struct xtables_match * -find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct iptables_rule_match **matches) +find_proto(const char *pname, enum xtables_tryload tryload, + int nolookup, struct iptables_rule_match **matches) { unsigned int proto; @@ -491,9 +492,9 @@ find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct ipt char *protoname = proto_to_name(proto, nolookup); if (protoname) - return find_match(protoname, tryload, matches); + return xtables_find_match(protoname, tryload, matches); } else - return find_match(pname, tryload, matches); + return xtables_find_match(pname, tryload, matches); return NULL; } @@ -701,7 +702,8 @@ print_match(const struct ipt_entry_match *m, const struct ipt_ip *ip, int numeric) { - struct xtables_match *match = find_match(m->u.user.name, TRY_LOAD, NULL); + struct xtables_match *match = + xtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL); if (match) { if (match->print) 
@@ -730,9 +732,10 @@ print_firewall(const struct ipt_entry *fw, char buf[BUFSIZ]; if (!iptc_is_chain(targname, handle)) - target = find_target(targname, TRY_LOAD); + target = xtables_find_target(targname, XTF_TRY_LOAD); else - target = find_target(IPT_STANDARD_TARGET, LOAD_MUST_SUCCEED); + target = xtables_find_target(IPT_STANDARD_TARGET, + XTF_LOAD_MUST_SUCCEED); t = ipt_get_target((struct ipt_entry *)fw); flags = fw->ip.flags; @@ -1174,8 +1177,8 @@ print_iface(char letter, const char *iface, const unsigned char *mask, static int print_match_save(const struct ipt_entry_match *e, const struct ipt_ip *ip) { - struct xtables_match *match - = find_match(e->u.user.name, TRY_LOAD, NULL); + struct xtables_match *match = + xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL); if (match) { printf("-m %s ", e->u.user.name); @@ -1278,8 +1281,8 @@ void print_rule(const struct ipt_entry *e, /* Print targinfo part */ t = ipt_get_target((struct ipt_entry *)e); if (t->u.user.name[0]) { - struct xtables_target *target - = find_target(t->u.user.name, TRY_LOAD); + struct xtables_target *target = + xtables_find_target(t->u.user.name, XTF_TRY_LOAD); if (!target) { fprintf(stderr, "Can't find library for target `%s'\n", @@ -1568,7 +1571,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle exit_error(PARAMETER_PROBLEM, "chain name not allowed to start " "with `%c'\n", *optarg); - if (find_target(optarg, TRY_LOAD)) + if (xtables_find_target(optarg, XTF_TRY_LOAD)) exit_error(PARAMETER_PROBLEM, "chain name may not clash " "with target name\n"); @@ -1619,7 +1622,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle /* iptables -p icmp -h */ if (!matches && protocol) - find_match(protocol, TRY_LOAD, &matches); + xtables_find_match(protocol, + XTF_TRY_LOAD, &matches); exit_printhelp(matches); 
@@ -1672,7 +1676,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle invert); jumpto = parse_target(optarg); /* TRY_LOAD (may be chain name) */ - target = find_target(jumpto, TRY_LOAD); + target = xtables_find_target(jumpto, XTF_TRY_LOAD); if (target) { size_t size; @@ -1735,7 +1739,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle exit_error(PARAMETER_PROBLEM, "unexpected ! flag before --match"); - m = find_match(optarg, LOAD_MUST_SUCCEED, &matches); + m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, + &matches); size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size; m->m = xtables_calloc(1, size); @@ -1876,13 +1881,13 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle */ if (m == NULL && protocol - && (!find_proto(protocol, DONT_LOAD, + && (!find_proto(protocol, XTF_DONT_LOAD, options&OPT_NUMERIC, NULL) - || (find_proto(protocol, DONT_LOAD, + || (find_proto(protocol, XTF_DONT_LOAD, options&OPT_NUMERIC, NULL) && (proto_used == 0)) ) - && (m = find_proto(protocol, TRY_LOAD, + && (m = find_proto(protocol, XTF_TRY_LOAD, options&OPT_NUMERIC, &matches))) { /* Try loading protocol */ size_t size; @@ -2047,8 +2052,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle || iptc_is_chain(jumpto, *handle))) { size_t size; - target = find_target(IPT_STANDARD_TARGET, - LOAD_MUST_SUCCEED); + target = xtables_find_target(IPT_STANDARD_TARGET, + XTF_LOAD_MUST_SUCCEED); size = sizeof(struct ipt_entry_target) + target->size; @@ -2072,7 +2077,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle exit_error(PARAMETER_PROBLEM, "goto '%s' is not a chain\n", jumpto); #endif - find_target(jumpto, LOAD_MUST_SUCCEED); + xtables_find_target(jumpto, XTF_LOAD_MUST_SUCCEED); } else { e = generate_entry(&fw, matches, target->t); free(target->t); -- cgit v1.2.3 
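Review bot: In the do_command hunk at -1672, the context comment `/* TRY_LOAD (may be chain name) */` still names the old constant while the call below it now passes `XTF_TRY_LOAD`; update it to `/* XTF_TRY_LOAD (may be chain name) */` so a search for the flag finds it. In the hunk at -1735, `m->size` is read straight after `xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &matches)` with no NULL check, which is only safe if that mode never returns NULL. That contract is outside this diff, so a one-line comment stating it at the call would help. do_command extends beyond both hunks.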
From 5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 18:43:01 +0100 Subject: libxtables: prefix/order - strtoui This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt --- iptables.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index 07ace197..15b5b6f4 100644 --- a/iptables.c +++ b/iptables.c @@ -488,7 +488,7 @@ find_proto(const char *pname, enum xtables_tryload tryload, { unsigned int proto; - if (string_to_number(pname, 0, UINT8_MAX, &proto) != -1) { + if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) { char *protoname = proto_to_name(proto, nolookup); if (protoname) @@ -504,7 +504,7 @@ parse_protocol(const char *s) { unsigned int proto; - if (string_to_number(s, 0, UINT8_MAX, &proto) == -1) { + if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) { struct protoent *pent; /* first deal with the special case of 'all' to prevent @@ -542,7 +542,7 @@ parse_rulenumber(const char *rule) { unsigned int rulenum; - if (string_to_number(rule, 1, INT_MAX, &rulenum) == -1) + if (!xtables_strtoui(rule, NULL, &rulenum, 1, INT_MAX)) exit_error(PARAMETER_PROBLEM, "Invalid rule number `%s'", rule); -- cgit v1.2.3 From a41545ca7cde43e0ba53260ba74bd9bf74025a68 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Jan 2009 21:27:19 +0100 Subject: libxtables: prefix/order - param_act Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt --- iptables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index 15b5b6f4..9adc2093 100644 --- a/iptables.c +++ b/iptables.c @@ -367,7 +367,7 @@ exit_printhelp(struct iptables_rule_match *matches) } void -exit_error(enum exittype status, const char *msg, ...) +exit_error(enum xtables_exittype status, const char *msg, ...) { va_list args; -- cgit v1.2.3 
From e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 03:55:09 +0100 Subject: libxtables: prefix/order - ipaddr/ipmask to ascii output Signed-off-by: Jan Engelhardt --- iptables.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index 9adc2093..d3906fc9 100644 --- a/iptables.c +++ b/iptables.c @@ -803,10 +803,10 @@ print_firewall(const struct ipt_entry *fw, printf(FMT("%-19s ","%s "), "anywhere"); else { if (format & FMT_NUMERIC) - sprintf(buf, "%s", ipaddr_to_numeric(&fw->ip.src)); + strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.src)); else - sprintf(buf, "%s", ipaddr_to_anyname(&fw->ip.src)); - strcat(buf, ipmask_to_numeric(&fw->ip.smsk)); + strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.src)); + strcat(buf, xtables_ipmask_to_numeric(&fw->ip.smsk)); printf(FMT("%-19s ","%s "), buf); } @@ -815,10 +815,10 @@ print_firewall(const struct ipt_entry *fw, printf(FMT("%-19s ","-> %s"), "anywhere"); else { if (format & FMT_NUMERIC) - sprintf(buf, "%s", ipaddr_to_numeric(&fw->ip.dst)); + strcpy(buf, xtables_ipaddr_to_numeric(&fw->ip.dst)); else - sprintf(buf, "%s", ipaddr_to_anyname(&fw->ip.dst)); - strcat(buf, ipmask_to_numeric(&fw->ip.dmsk)); + strcpy(buf, xtables_ipaddr_to_anyname(&fw->ip.dst)); + strcat(buf, xtables_ipmask_to_numeric(&fw->ip.dmsk)); printf(FMT("%-19s ","-> %s"), buf); } -- cgit v1.2.3 From aae6be9edc99e58164a3592c510fe5488141c698 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 04:24:47 +0100 Subject: libxtables: prefix - misc functions Signed-off-by: Jan Engelhardt --- iptables.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index d3906fc9..aeb40d8a 100644 --- a/iptables.c +++ b/iptables.c 
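Review bot: Both print_firewall hunks (source at -803, destination at -815) replace `sprintf(buf, "%s", ...)` with `strcpy()` and keep the following `strcat()`, so the address text and the mask are still written into `buf` with no length bound. `buf` is declared outside these hunks (an earlier hunk on this page shows `char buf[BUFSIZ];` in print_firewall), and in the non-numeric branch `xtables_ipaddr_to_anyname()` presumably returns a resolved name whose length this code does not control. Since the lines are being touched anyway, bound them: `snprintf(buf, sizeof(buf), "%s", xtables_ipaddr_to_anyname(&fw->ip.src));` followed by `strncat(buf, xtables_ipmask_to_numeric(&fw->ip.smsk), sizeof(buf) - strlen(buf) - 1);`, and the same for the numeric branch and the dst lines.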
@@ -1705,7 +1705,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags, invert); - parse_interface(argv[optind-1], + xtables_parse_interface(argv[optind-1], fw.ip.iniface, fw.ip.iniface_mask); break; @@ -1714,7 +1714,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags, invert); - parse_interface(argv[optind-1], + xtables_parse_interface(argv[optind-1], fw.ip.outiface, fw.ip.outiface_mask); break; -- cgit v1.2.3 From a0baae85f8159f03d52535934aa9b3a375e0f1f3 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 04:32:50 +0100 Subject: libxtables: prefix - parse and escaped output func Signed-off-by: Jan Engelhardt --- iptables.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index aeb40d8a..925464c0 100644 --- a/iptables.c +++ b/iptables.c @@ -1974,11 +1974,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle } if (shostnetworkmask) - ipparse_hostnetworkmask(shostnetworkmask, &saddrs, + xtables_ipparse_any(shostnetworkmask, &saddrs, &fw.ip.smsk, &nsaddrs); if (dhostnetworkmask) - ipparse_hostnetworkmask(dhostnetworkmask, &daddrs, + xtables_ipparse_any(dhostnetworkmask, &daddrs, &fw.ip.dmsk, &ndaddrs); if ((nsaddrs > 1 || ndaddrs > 1) && -- cgit v1.2.3 From 0f16c725aadaac7e670d632ecbaea3661ff00827 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 04:55:38 +0100 Subject: libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt --- iptables.c | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) (limited to 'iptables.c') 
diff --git a/iptables.c b/iptables.c index 925464c0..ea765b0b 100644 --- a/iptables.c +++ b/iptables.c @@ -452,26 +452,6 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds, *cmd |= newcmd; } -int -check_inverse(const char option[], int *invert, int *my_optind, int argc) -{ - if (option && strcmp(option, "!") == 0) { - if (*invert) - exit_error(PARAMETER_PROBLEM, - "Multiple `!' flags not allowed"); - *invert = TRUE; - if (my_optind != NULL) { - ++*my_optind; - if (argc && *my_optind > argc) - exit_error(PARAMETER_PROBLEM, - "no argument following `!'"); - } - - return TRUE; - } - return FALSE; -} - /* * All functions starting with "parse" should succeed, otherwise * the program fails. @@ -1631,7 +1611,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle * Option selection */ case 'p': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_PROTOCOL, &fw.ip.invflags, invert); @@ -1649,14 +1629,14 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 's': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_SOURCE, &fw.ip.invflags, invert); shostnetworkmask = argv[optind-1]; break; case 'd': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_DESTINATION, &fw.ip.invflags, invert); dhostnetworkmask = argv[optind-1]; @@ -1702,7 +1682,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle case 'i': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags, invert); xtables_parse_interface(argv[optind-1], 
@@ -1711,7 +1691,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle break; case 'o': - check_inverse(optarg, &invert, &optind, argc); + xtables_check_inverse(optarg, &invert, &optind, argc); set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags, invert); xtables_parse_interface(argv[optind-1], -- cgit v1.2.3 From 1de7edffc9085c0f41c261dca995e28ae4126c29 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 30 Jan 2009 05:38:11 +0100 Subject: libxtables: prefix/order - move parse_protocol to xtables.c Signed-off-by: Jan Engelhardt --- iptables.c | 75 +++++++++----------------------------------------------------- 1 file changed, 10 insertions(+), 65 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index ea765b0b..b43aadfd 100644 --- a/iptables.c +++ b/iptables.c @@ -194,13 +194,6 @@ const char *program_name; int kernel_version; -/* A few hardcoded protocols for 'all' and in case the user has no - /etc/protocols */ -struct pprot { - char *name; - u_int8_t num; -}; - struct afinfo afinfo = { .family = NFPROTO_IPV4, .libprefix = "libipt_", @@ -221,18 +214,7 @@ struct afinfo afinfo = { #endif #endif -static const struct pprot chain_protos[] = { - { "tcp", IPPROTO_TCP }, - { "udp", IPPROTO_UDP }, - { "udplite", IPPROTO_UDPLITE }, - { "icmp", IPPROTO_ICMP }, - { "esp", IPPROTO_ESP }, - { "ah", IPPROTO_AH }, - { "sctp", IPPROTO_SCTP }, - { "all", 0 }, -}; - -static char * +static const char * proto_to_name(u_int8_t proto, int nolookup) { unsigned int i; @@ -243,9 +225,9 @@ proto_to_name(u_int8_t proto, int nolookup) return pent->p_name; } - for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++) - if (chain_protos[i].num == proto) - return chain_protos[i].name; + for (i = 0; xtables_chain_protos[i].name != NULL; ++i) + if (xtables_chain_protos[i].num == proto) + return xtables_chain_protos[i].name; return NULL; } 
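Review bot: The rewritten loop in proto_to_name, `for (i = 0; xtables_chain_protos[i].name != NULL; ++i)`, is no longer bounded by the array size and stops only at an entry whose `name` is NULL; the print_proto hunk at -1107 uses the same form. The table's definition has moved out of this file and is not part of this diff, so the terminating NULL-name entry has to be guaranteed there, otherwise a protocol number with no match walks past the end of the array. A comment at each loop such as `/* xtables_chain_protos is terminated by an entry with a NULL name */` would record the dependency, and exporting an element count next to the table would remove it. proto_to_name's body is split across this hunk and the one before it.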
@@ -469,7 +451,7 @@ find_proto(const char *pname, enum xtables_tryload tryload, unsigned int proto; if (xtables_strtoui(pname, NULL, &proto, 0, UINT8_MAX)) { - char *protoname = proto_to_name(proto, nolookup); + const char *protoname = proto_to_name(proto, nolookup); if (protoname) return xtables_find_match(protoname, tryload, matches); @@ -479,43 +461,6 @@ find_proto(const char *pname, enum xtables_tryload tryload, return NULL; } -u_int16_t -parse_protocol(const char *s) -{ - unsigned int proto; - - if (!xtables_strtoui(s, NULL, &proto, 0, UINT8_MAX)) { - struct protoent *pent; - - /* first deal with the special case of 'all' to prevent - * people from being able to redefine 'all' in nsswitch - * and/or provoke expensive [not working] ldap/nis/... - * lookups */ - if (!strcmp(s, "all")) - return 0; - - if ((pent = getprotobyname(s))) - proto = pent->p_proto; - else { - unsigned int i; - for (i = 0; - i < sizeof(chain_protos)/sizeof(struct pprot); - i++) { - if (strcmp(s, chain_protos[i].name) == 0) { - proto = chain_protos[i].num; - break; - } - } - if (i == sizeof(chain_protos)/sizeof(struct pprot)) - exit_error(PARAMETER_PROBLEM, - "unknown protocol `%s' specified", - s); - } - } - - return (u_int16_t)proto; -} - /* Can't be zero. */ static int parse_rulenumber(const char *rule) @@ -733,7 +678,7 @@ print_firewall(const struct ipt_entry *fw, fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout); { - char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC); + const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC); if (pname) printf(FMT("%-5s", "%s "), pname); else 
@@ -1107,10 +1052,10 @@ static void print_proto(u_int16_t proto, int invert) return; } - for (i = 0; i < sizeof(chain_protos)/sizeof(struct pprot); i++) - if (chain_protos[i].num == proto) { + for (i = 0; xtables_chain_protos[i].name != NULL; ++i) + if (xtables_chain_protos[i].num == proto) { printf("-p %s%s ", - invertstr, chain_protos[i].name); + invertstr, xtables_chain_protos[i].name); return; } @@ -1620,7 +1565,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle *protocol = tolower(*protocol); protocol = argv[optind-1]; - fw.ip.proto = parse_protocol(protocol); + fw.ip.proto = xtables_parse_protocol(protocol); if (fw.ip.proto == 0 && (fw.ip.invflags & IPT_INV_PROTO)) -- cgit v1.2.3 From 77f48c2f1ef21fa43aa68c25a1457db319ca2526 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 7 Feb 2009 19:59:53 +0100 Subject: libxtables: move afinfo around libxtables should not rely on the program executable providing the magic constants for using [gs]etsockopt. Signed-off-by: Jan Engelhardt --- iptables.c | 9 --------- 1 file changed, 9 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index b43aadfd..f1a5d33e 100644 --- a/iptables.c +++ b/iptables.c @@ -194,15 +194,6 @@ const char *program_name; int kernel_version; -struct afinfo afinfo = { - .family = NFPROTO_IPV4, - .libprefix = "libipt_", - .ipproto = IPPROTO_IP, - .kmod = "ip_tables", - .so_rev_match = IPT_SO_GET_REVISION_MATCH, - .so_rev_target = IPT_SO_GET_REVISION_TARGET, -}; - /* Primitive headers... */ /* defined in netinet/in.h */ #if 0 -- cgit v1.2.3