From cd2f9bdbb7f9b737e5d640aafeb78bcd8e3a7adf Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 4 Sep 2012 05:24:47 +0200 Subject: iptables: support for target aliases This patch allows for target names listed on the command line to be rewritten to new names and revisions. As before, we will pick a revision that is supported by the kernel - now including real_name in the search. This gives us the possibility to test for many action names. Signed-off-by: Jan Engelhardt --- iptables/ip6tables.c | 7 ++++++- iptables/iptables.c | 8 +++++++- 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'iptables') diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c index b191d5df..752cf033 100644 --- a/iptables/ip6tables.c +++ b/iptables/ip6tables.c @@ -1286,8 +1286,13 @@ static void command_jump(struct iptables_command_state *cs) cs->target->t = xtables_calloc(1, size); cs->target->t->u.target_size = size; - strcpy(cs->target->t->u.user.name, cs->jumpto); + strcpy(cs->target->t->u.user.name, cs->target->real_name); cs->target->t->u.user.revision = cs->target->revision; + if (cs->target->real_name != cs->target->name) + fprintf(stderr, "WARNING: The %s target is obsolete. " + "Use %s instead.\n", + cs->jumpto, cs->target->real_name); + xs_init_target(cs->target); if (cs->target->x6_options != NULL) opts = xtables_options_xfrm(ip6tables_globals.orig_opts, opts, diff --git a/iptables/iptables.c b/iptables/iptables.c index 03ac63b8..a237e93c 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -1295,8 +1295,14 @@ static void command_jump(struct iptables_command_state *cs) cs->target->t = xtables_calloc(1, size); cs->target->t->u.target_size = size; - strcpy(cs->target->t->u.user.name, cs->jumpto); + strcpy(cs->target->t->u.user.name, cs->target->real_name); cs->target->t->u.user.revision = cs->target->revision; + if (cs->target->real_name != cs->target->name) + /* Alias support for userspace side */ + fprintf(stderr, "WARNING: The %s target is obsolete. " + "Use %s instead.\n", + cs->jumpto, cs->target->real_name); + xs_init_target(cs->target); if (cs->target->x6_options != NULL) -- cgit v1.2.3 From c436dad7cfdd80ca4a05ceed556c39babc266f55 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 27 Sep 2012 23:48:25 +0200 Subject: iptables: support for match aliases This patch allows for match names listed on the command line to be rewritten to new names and revisions, like we did for targets before. Signed-off-by: Jan Engelhardt --- iptables/ip6tables.c | 6 +++++- iptables/iptables.c | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'iptables') diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c index 752cf033..f93bfb33 100644 --- a/iptables/ip6tables.c +++ b/iptables/ip6tables.c @@ -1319,8 +1319,12 @@ static void command_match(struct iptables_command_state *cs) size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size; m->m = xtables_calloc(1, size); m->m->u.match_size = size; - strcpy(m->m->u.user.name, m->name); + strcpy(m->m->u.user.name, m->real_name); m->m->u.user.revision = m->revision; + if (m->real_name != m->name) + fprintf(stderr, "WARNING: The %s match is obsolete. " + "Use %s instead.\n", m->name, m->real_name); + xs_init_match(m); if (m == m->next) return; diff --git a/iptables/iptables.c b/iptables/iptables.c index a237e93c..5786bfdd 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -1330,8 +1330,12 @@ static void command_match(struct iptables_command_state *cs) size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size; m->m = xtables_calloc(1, size); m->m->u.match_size = size; - strcpy(m->m->u.user.name, m->name); + strcpy(m->m->u.user.name, m->real_name); m->m->u.user.revision = m->revision; + if (m->real_name != m->name) + fprintf(stderr, "WARNING: The %s match is obsolete. " + "Use %s instead.\n", m->name, m->real_name); + xs_init_match(m); if (m == m->next) return; -- cgit v1.2.3