diff options
| -rw-r--r-- | Makefile | 3 | ||||
| -rw-r--r-- | arptables.c | 5 | ||||
| -rw-r--r-- | include/arptables.h | 2 | ||||
| -rw-r--r-- | include/libarptc/libarptc.h | 5 | ||||
| -rw-r--r-- | libarptc/libarptc.c | 2 | ||||
| -rw-r--r-- | libarptc/libarptc_incl.c | 22 |
6 files changed, 21 insertions, 18 deletions
@@ -6,9 +6,8 @@ KERNEL_DIR=include/linux endif ARPTABLES_VERSION:=0.0.3 OLD_ARPTABLES_VERSION:=0.0.2 -MANDIR?=/usr/local/man -PREFIX:=/usr/local +PREFIX:=$(DESTDIR)/usr/local LIBDIR:=$(PREFIX)/lib BINDIR:=$(PREFIX)/sbin MANDIR:=$(PREFIX)/man diff --git a/arptables.c b/arptables.c index 225f36a..b10361f 100644 --- a/arptables.c +++ b/arptables.c @@ -154,7 +154,7 @@ static struct option original_opts[] = { { 0 } }; -int NF_ARP_NUMHOOKS = 3; +int RUNTIME_NF_ARP_NUMHOOKS = 3; /*#ifndef __OPTIMIZE__ struct arpt_entry_target * @@ -1785,7 +1785,8 @@ int do_command(int argc, char *argv[], char **table, arptc_handle_t *handle) arptables_insmod("arp_tables", modprobe); *handle = arptc_init(*table); if (!*handle) { - NF_ARP_NUMHOOKS = 2; + /* 2.4 kernel: NF_ARP_NUMHOOKS = 2 */ + RUNTIME_NF_ARP_NUMHOOKS = 2; *handle = arptc_init(*table); if (!*handle) { exit_error(VERSION_PROBLEM, diff --git a/include/arptables.h b/include/arptables.h index ed4a549..820b664 100644 --- a/include/arptables.h +++ b/include/arptables.h @@ -115,8 +115,6 @@ struct arptables_target unsigned int loaded; /* simulate loading so options are merged properly */ }; -extern int NF_ARP_NUMHOOKS; /* boy, this is dirty */ - /* Your shared library should call one of these. */ extern void register_match(struct arptables_match *me); extern void register_target(struct arptables_target *me); diff --git a/include/libarptc/libarptc.h b/include/libarptc/libarptc.h index b7d3d36..e4f1175 100644 --- a/include/libarptc/libarptc.h +++ b/include/libarptc/libarptc.h @@ -21,6 +21,11 @@ typedef char arpt_chainlabel[32]; #define ARPTC_LABEL_QUEUE "QUEUE" #define ARPTC_LABEL_RETURN "RETURN" + +/* NF_ARP_NUMHOOKS is different on 2.4 and 2.6; hack to support both */ +extern int RUNTIME_NF_ARP_NUMHOOKS; /* boy, this is dirty */ + + /* Transparent handle type. */ typedef struct arptc_handle *arptc_handle_t; diff --git a/libarptc/libarptc.c b/libarptc/libarptc.c index 7be48d7..c862694 100644 --- a/libarptc/libarptc.c +++ b/libarptc/libarptc.c @@ -470,7 +470,7 @@ do_check(TC_HANDLE_T h, unsigned int line) /* Overflows should be end of entry chains, and unconditional policy nodes. */ - for (i = 0; i < NF_ARP_NUMHOOKS; i++) { + for (i = 0; i < RUNTIME_NF_ARP_NUMHOOKS; i++) { STRUCT_ENTRY *e; STRUCT_STANDARD_TARGET *t; diff --git a/libarptc/libarptc_incl.c b/libarptc/libarptc_incl.c index 409602f..0e464d7 100644 --- a/libarptc/libarptc_incl.c +++ b/libarptc/libarptc_incl.c @@ -1,4 +1,4 @@ -/* Library which manipulates firewall rules. Version $Revision: 1.4 $ */ +/* Library which manipulates firewall rules. Version $Revision: 1.5 $ */ /* Architecture of firewall rules is as follows: * @@ -234,7 +234,7 @@ TC_INIT(const char *tablename) return NULL; s = sizeof(info); - if (NF_ARP_NUMHOOKS == 2) + if (RUNTIME_NF_ARP_NUMHOOKS == 2) s -= 2 * sizeof(unsigned int); if (strlen(tablename) >= TABLE_MAXNAMELEN) { @@ -245,7 +245,7 @@ TC_INIT(const char *tablename) if (getsockopt(sockfd, TC_IPPROTO, SO_GET_INFO, &info, &s) < 0) return NULL; - if (NF_ARP_NUMHOOKS == 2) { + if (RUNTIME_NF_ARP_NUMHOOKS == 2) { memmove(&(info.hook_entry[3]), &(info.hook_entry[2]), 5 * sizeof(unsigned int)); memmove(&(info.underflow[3]), &(info.underflow[2]), @@ -331,7 +331,7 @@ is_hook_entry(STRUCT_ENTRY *e, TC_HANDLE_T h) { unsigned int i; - for (i = 0; i < NF_ARP_NUMHOOKS; i++) { + for (i = 0; i < RUNTIME_NF_ARP_NUMHOOKS; i++) { if ((h->info.valid_hooks & (1 << i)) && get_entry(h, h->info.hook_entry[i]) == e) return i+1; @@ -403,7 +403,7 @@ static int populate_cache(TC_HANDLE_T h) h->cache_num_builtins = 0; /* Count builtins */ - for (i = 0; i < NF_ARP_NUMHOOKS; i++) { + for (i = 0; i < RUNTIME_NF_ARP_NUMHOOKS; i++) { if (h->info.valid_hooks & (1 << i)) h->cache_num_builtins++; } @@ -464,7 +464,7 @@ get_chain_end(const TC_HANDLE_T handle, unsigned int start) e = get_entry(handle, off); /* We hit an entry point. */ - for (i = 0; i < NF_ARP_NUMHOOKS; i++) { + for (i = 0; i < RUNTIME_NF_ARP_NUMHOOKS; i++) { if ((handle->info.valid_hooks & (1 << i)) && off == handle->info.hook_entry[i]) return last_off; @@ -633,7 +633,7 @@ TC_BUILTIN(const char *chain, const TC_HANDLE_T handle) { unsigned int i; - for (i = 0; i < NF_ARP_NUMHOOKS; i++) { + for (i = 0; i < RUNTIME_NF_ARP_NUMHOOKS; i++) { if ((handle->info.valid_hooks & (1 << i)) && handle->hooknames[i] && strcmp(handle->hooknames[i], chain) == 0) @@ -718,7 +718,7 @@ insert_rules(unsigned int num_rules, unsigned int rules_size, newinfo = (*handle)->info; /* Fix up entry points. */ - for (i = 0; i < NF_ARP_NUMHOOKS; i++) { + for (i = 0; i < RUNTIME_NF_ARP_NUMHOOKS; i++) { /* Entry points to START of chain, so keep same if inserting on at that point. */ if ((*handle)->info.hook_entry[i] > offset) @@ -786,7 +786,7 @@ delete_rules(unsigned int num_rules, unsigned int rules_size, } /* Fix up entry points. */ - for (i = 0; i < NF_ARP_NUMHOOKS; i++) { + for (i = 0; i < RUNTIME_NF_ARP_NUMHOOKS; i++) { /* In practice, we never delete up to a hook entry, since the built-in chains are always first, so these two are never equal */ @@ -1634,7 +1634,7 @@ TC_COMMIT(TC_HANDLE_T *handle) memcpy(repl->entries, (*handle)->entries.entrytable, (*handle)->entries.size); - if (NF_ARP_NUMHOOKS == 2) { + if (RUNTIME_NF_ARP_NUMHOOKS == 2) { memmove(&(repl->underflow[2]), &(repl->underflow[3]), ((*handle)->entries.size) + sizeof(struct arpt_replace)); memmove(&(repl->hook_entry[2]), &(repl->hook_entry[3]), @@ -1650,7 +1650,7 @@ TC_COMMIT(TC_HANDLE_T *handle) return 0; } - if (NF_ARP_NUMHOOKS == 2) { + if (RUNTIME_NF_ARP_NUMHOOKS == 2) { memmove(&(repl->hook_entry[3]), &(repl->hook_entry[2]), ((*handle)->entries.size) + sizeof(struct arpt_replace)); memmove(&(repl->underflow[3]), &(repl->underflow[2]), |