diff options
| -rw-r--r-- | communication.c | 120 | ||||
| -rw-r--r-- | ebtables.c | 18 | ||||
| -rw-r--r-- | extensions/ebt_arp.c | 6 | ||||
| -rw-r--r-- | extensions/ebt_ip.c | 30 | ||||
| -rw-r--r-- | extensions/ebt_log.c | 24 | ||||
| -rw-r--r-- | extensions/ebt_mark_m.c | 2 | ||||
| -rw-r--r-- | include/ebtables_u.h | 58 |
7 files changed, 145 insertions, 113 deletions
diff --git a/communication.c b/communication.c index 887ee08..70f5ff8 100644 --- a/communication.c +++ b/communication.c @@ -5,11 +5,13 @@ * */ -// All the userspace/kernel communication is in this file. -// The other code should not have to know anything about the way the -// kernel likes the structure of the table data. -// The other code works with linked lists, lots of linked lists. -// So, the translation is done here. +/* + * All the userspace/kernel communication is in this file. + * The other code should not have to know anything about the way the + * kernel likes the structure of the table data. + * The other code works with linked lists, lots of linked lists. + * So, the translation is done here. + */ #include <getopt.h> #include <string.h> @@ -54,7 +56,7 @@ static struct ebt_replace * translate_user2kernel(struct ebt_u_replace *u_repl) new->nentries = u_repl->nentries; new->num_counters = u_repl->num_counters; new->counters = u_repl->counters; - // determine nr of udc + /* determine nr of udc */ i = 0; cl = u_repl->udc; while (cl) { @@ -63,7 +65,7 @@ static struct ebt_replace * translate_user2kernel(struct ebt_u_replace *u_repl) } i += NF_BR_NUMHOOKS; chain_offsets = (unsigned int *)malloc(i * sizeof(unsigned int)); - // determine size + /* determine size */ i = 0; cl = u_repl->udc; while (1) { @@ -101,7 +103,7 @@ static struct ebt_replace * translate_user2kernel(struct ebt_u_replace *u_repl) sizeof(struct ebt_entry_target); e = e->next; } - // a little sanity check + /* a little sanity check */ if (j != entries->nentries) print_bug("Wrong nentries: %d != %d, hook = %s", j, entries->nentries, entries->name); @@ -115,7 +117,7 @@ static struct ebt_replace * translate_user2kernel(struct ebt_u_replace *u_repl) if (!new->entries) print_memory(); - // put everything in one block + /* put everything in one block */ p = new->entries; i = 0; cl = u_repl->udc; @@ -139,7 +141,7 @@ static struct ebt_replace * translate_user2kernel(struct ebt_u_replace *u_repl) hlp->policy = entries->policy; strcpy(hlp->name, entries->name); hlp->counter_offset = entries->counter_offset; - hlp->distinguisher = 0; // make the kernel see the light + hlp->distinguisher = 0; /* make the kernel see the light */ p += sizeof(struct ebt_entries); e = entries->entries; while (e) { @@ -184,7 +186,7 @@ static struct ebt_replace * translate_user2kernel(struct ebt_u_replace *u_repl) if (!strcmp(e->t->u.name, EBT_STANDARD_TARGET)) { struct ebt_standard_target *st = (struct ebt_standard_target *)p; - // translate the jump to a udc + /* translate the jump to a udc */ if (st->verdict >= 0) st->verdict = chain_offsets [st->verdict + NF_BR_NUMHOOKS]; @@ -199,7 +201,7 @@ static struct ebt_replace * translate_user2kernel(struct ebt_u_replace *u_repl) i++; } - // sanity check + /* sanity check */ if (p - new->entries != new->entries_size) print_bug("Entries_size bug"); free(chain_offsets); @@ -212,7 +214,7 @@ static void store_table_in_file(char *filename, struct ebt_replace *repl) int size; FILE *file; - // start from an empty file with right priviliges + /* start from an empty file with right priviliges */ command = (char *)malloc(strlen(filename) + 15); if (!command) print_memory(); @@ -234,7 +236,7 @@ static void store_table_in_file(char *filename, struct ebt_replace *repl) memcpy(data, repl, sizeof(struct ebt_replace)); memcpy(data + sizeof(struct ebt_replace), repl->entries, repl->entries_size); - // initialize counters to zero, deliver_counters() can update them + /* initialize counters to zero, deliver_counters() can update them */ memset(data + sizeof(struct ebt_replace) + repl->entries_size, 0, repl->nentries * sizeof(struct ebt_counter)); if (!(file = fopen(filename, "wb"))) @@ -252,13 +254,13 @@ void deliver_table(struct ebt_u_replace *u_repl) socklen_t optlen; struct ebt_replace *repl; - // translate the struct ebt_u_replace to a struct ebt_replace + /* translate the struct ebt_u_replace to a struct ebt_replace */ repl = translate_user2kernel(u_repl); if (u_repl->filename != NULL) { store_table_in_file(u_repl->filename, repl); return; } - // give the data to the kernel + /* give the data to the kernel */ optlen = sizeof(struct ebt_replace) + repl->entries_size; get_sockfd(); if (setsockopt(sockfd, IPPROTO_IP, EBT_SO_SET_ENTRIES, repl, optlen)) @@ -276,7 +278,10 @@ static void store_counters_in_file(char *filename, struct ebt_u_replace *repl) if (!(file = fopen(filename, "r+b"))) print_error("Could not open file %s", filename); - // find out entries_size and then set the file pointer to the counters + /* + * find out entries_size and then set the file pointer to the + * counters + */ if (fseek(file, (char *)(&hlp.entries_size) - (char *)(&hlp), SEEK_SET) || fread(&entries_size, sizeof(char), sizeof(unsigned int), file) != sizeof(unsigned int) || @@ -291,9 +296,8 @@ static void store_counters_in_file(char *filename, struct ebt_u_replace *repl) fclose(file); } -// gets executed after deliver_table -void -deliver_counters(struct ebt_u_replace *u_repl) +/* gets executed after deliver_table */ +void deliver_counters(struct ebt_u_replace *u_repl) { unsigned short *point; struct ebt_counter *old, *new, *newcounters; @@ -314,21 +318,23 @@ deliver_counters(struct ebt_u_replace *u_repl) point = counterchanges; while (*point != CNT_END) { if (*point == CNT_NORM) { - // 'normal' rule, meaning we didn't do anything to it - // So, we just copy + /* + *'normal' rule, meaning we didn't do anything to it + * So, we just copy + */ new->pcnt = old->pcnt; - // we've used an old counter + /* we've used an old counter */ old++; - // we've set a new counter + /* we've set a new counter */ new++; } else if (*point == CNT_DEL) { - // don't use this old counter + /* don't use this old counter */ old++; } else if (*point == CNT_ADD) { - // new counter, let it stay 0 + /* new counter, let it stay 0 */ new++; } else { - // zero it (let it stay 0) + /* zero it (let it stay 0) */ old++; new++; } @@ -344,7 +350,7 @@ deliver_counters(struct ebt_u_replace *u_repl) } optlen = u_repl->nentries * sizeof(struct ebt_counter) + sizeof(struct ebt_replace); - // now put the stuff in the kernel's struct ebt_replace + /* now put the stuff in the kernel's struct ebt_replace */ repl.counters = u_repl->counters; repl.num_counters = u_repl->num_counters; memcpy(repl.name, u_repl->name, sizeof(repl.name)); @@ -406,7 +412,7 @@ ebt_translate_entry(struct ebt_entry *e, unsigned int *hook, int *n, int *cnt, int *totalcnt, struct ebt_u_entry ***u_e, struct ebt_u_replace *u_repl, unsigned int valid_hooks, char *base) { - // an entry + /* an entry */ if (e->bitmask & EBT_ENTRY_OR_ENTRIES) { struct ebt_u_entry *new; struct ebt_u_match_list **m_l; @@ -417,7 +423,10 @@ ebt_translate_entry(struct ebt_entry *e, unsigned int *hook, int *n, int *cnt, if (!new) print_memory(); new->bitmask = e->bitmask; - // plain userspace code doesn't know about EBT_ENTRY_OR_ENTRIES + /* + * plain userspace code doesn't know about + * EBT_ENTRY_OR_ENTRIES + */ new->bitmask &= ~EBT_ENTRY_OR_ENTRIES; new->invflags = e->invflags; new->ethproto = e->ethproto; @@ -447,7 +456,7 @@ ebt_translate_entry(struct ebt_entry *e, unsigned int *hook, int *n, int *cnt, "userspace tool", t->u.name); memcpy(new->t, t, t->target_size + sizeof(struct ebt_entry_target)); - // deal with jumps to udc + /* deal with jumps to udc */ if (!strcmp(t->u.name, EBT_STANDARD_TARGET)) { char *tmp = base; int verdict = ((struct ebt_standard_target *)t)->verdict; @@ -468,13 +477,13 @@ ebt_translate_entry(struct ebt_entry *e, unsigned int *hook, int *n, int *cnt, } } - // I love pointers + /* I love pointers */ **u_e = new; *u_e = &new->next; (*cnt)++; (*totalcnt)++; return 0; - } else { // a new chain + } else { /* a new chain */ int i; struct ebt_entries *entries = (struct ebt_entries *)e; struct ebt_u_chain_list *cl; @@ -487,8 +496,8 @@ ebt_translate_entry(struct ebt_entry *e, unsigned int *hook, int *n, int *cnt, if (valid_hooks & (1 << i)) break; *hook = i; - // makes use of fact that standard chains come before udc - if (i >= NF_BR_NUMHOOKS) { // udc + /* makes use of fact that standard chains come before udc */ + if (i >= NF_BR_NUMHOOKS) { /* udc */ i -= NF_BR_NUMHOOKS; cl = u_repl->udc; while (i-- > 0) @@ -500,7 +509,7 @@ ebt_translate_entry(struct ebt_entry *e, unsigned int *hook, int *n, int *cnt, } } -// initialize all chain headers +/* initialize all chain headers */ static int ebt_translate_chains(struct ebt_entry *e, unsigned int *hook, struct ebt_u_replace *u_repl, unsigned int valid_hooks) @@ -514,10 +523,10 @@ ebt_translate_chains(struct ebt_entry *e, unsigned int *hook, for (i = *hook + 1; i < NF_BR_NUMHOOKS; i++) if (valid_hooks & (1 << i)) break; - // makes use of fact that standard chains come before udc - if (i >= NF_BR_NUMHOOKS) { // udc + /* makes use of fact that standard chains come before udc */ + if (i >= NF_BR_NUMHOOKS) { /* udc */ chain_list = &u_repl->udc; - // add in the back + /* add in the back */ while (*chain_list) chain_list = &((*chain_list)->next); *chain_list = (struct ebt_u_chain_list *) @@ -530,8 +539,10 @@ ebt_translate_chains(struct ebt_entry *e, unsigned int *hook, if (!((*chain_list)->udc)) print_memory(); new = (*chain_list)->udc; - // ebt_translate_entry depends on this for knowing - // to which chain is being jumped + /* + * ebt_translate_entry depends on this for knowing + * to which chain is being jumped + */ (*chain_list)->kernel_start = (char *)e; } else { *hook = i; @@ -559,7 +570,9 @@ static void retrieve_from_file(char *filename, struct ebt_replace *repl, if (!(file = fopen(filename, "r+b"))) print_error("Could not open file %s", filename); - // make sure table name is right if command isn't -L or --atomic-commit + /* + * make sure table name is right if command isn't -L or --atomic-commit + */ if (command != 'L' && command != 8) { hlp = (char *)malloc(strlen(repl->name) + 1); if (!hlp) @@ -596,7 +609,7 @@ static void retrieve_from_file(char *filename, struct ebt_replace *repl, print_memory(); } else repl->counters = NULL; - // copy entries and counters + /* copy entries and counters */ if (fseek(file, sizeof(struct ebt_replace), SEEK_SET) || fread(repl->entries, sizeof(char), repl->entries_size, file) != repl->entries_size || @@ -617,7 +630,7 @@ static int retrieve_from_kernel(struct ebt_replace *repl, char command) optlen = sizeof(struct ebt_replace); get_sockfd(); - // --atomic-init || --init-table + /* --atomic-init || --init-table */ if (command == 7 || command == 11) optname = EBT_SO_GET_INIT_INFO; else @@ -635,7 +648,7 @@ static int retrieve_from_kernel(struct ebt_replace *repl, char command) else repl->counters = NULL; - // we want to receive the counters + /* we want to receive the counters */ repl->num_counters = repl->nentries; optlen += repl->entries_size + repl->num_counters * sizeof(struct ebt_counter); @@ -658,12 +671,14 @@ int get_table(struct ebt_u_replace *u_repl) strcpy(repl.name, u_repl->name); if (u_repl->filename != NULL) { retrieve_from_file(u_repl->filename, &repl, u_repl->command); - // -L with a wrong table name should be dealt with silently + /* + * -L with a wrong table name should be dealt with silently + */ strcpy(u_repl->name, repl.name); } else if (retrieve_from_kernel(&repl, u_repl->command) == -1) return -1; - // translate the struct ebt_replace to a struct ebt_u_replace + /* translate the struct ebt_replace to a struct ebt_u_replace */ u_repl->valid_hooks = repl.valid_hooks; u_repl->nentries = repl.nentries; u_repl->num_counters = repl.num_counters; @@ -672,10 +687,13 @@ int get_table(struct ebt_u_replace *u_repl) hook = -1; EBT_ENTRY_ITERATE(repl.entries, repl.entries_size, ebt_translate_chains, &hook, u_repl, u_repl->valid_hooks); - i = 0; // holds the expected nr. of entries for the chain - j = 0; // holds the up to now counted entries for the chain - k = 0; // holds the total nr. of entries, - // should equal u_repl->nentries afterwards + i = 0; /* holds the expected nr. of entries for the chain */ + j = 0; /* holds the up to now counted entries for the chain */ + /* + * holds the total nr. of entries, + * should equal u_repl->nentries afterwards + */ + k = 0; hook = -1; EBT_ENTRY_ITERATE(repl.entries, repl.entries_size, ebt_translate_entry, &hook, &i, &j, &k, &u_e, u_repl, u_repl->valid_hooks, repl.entries); @@ -295,7 +295,7 @@ merge_options(struct option *oldopts, const struct option *newopts, merge[num_old + i].val += *options_offset; } memset(merge + num_old + num_new, 0, sizeof(struct option)); - // only free dynamically allocated stuff + /* only free dynamically allocated stuff */ if (oldopts != ebt_original_options) free(oldopts); @@ -400,7 +400,7 @@ int ebtables_insmod(const char *modname, const char *modprobe) char *buf = NULL; char *argv[3]; - // If they don't explicitly set it, read out of kernel + /* If they don't explicitly set it, read out of kernel */ if (!modprobe) { buf = get_modprobe(); if (!buf) @@ -467,7 +467,7 @@ static void list_em(struct ebt_u_entries *entries) for (i = 0; i < entries->nentries; i++) { if (replace.flags & LIST_N) { digits = 0; - // A little work to get nice rule numbers. + /* A little work to get nice rule numbers. */ j = i + 1; while (j > 9) { digits++; @@ -1142,7 +1142,7 @@ letscontinue: return -1; } -// execute command A or I +/* execute command A or I */ static void add_rule(int rule_nr) { int i, j; @@ -1303,7 +1303,7 @@ static void delete_rule(int begin, int end) while(j--) { u_e2 = *u_e; *u_e = (*u_e)->next; - // free everything + /* free everything */ free_u_entry(u_e2); free(u_e2); } @@ -2044,7 +2044,7 @@ int main(int argc, char *argv[]) " or equal to 0x0600"); break; - case 4 : // Lc + case 4 : /* Lc */ check_option(&replace.flags, LIST_C); if (replace.command != 'L') print_error("Use --Lc with -L"); @@ -2052,7 +2052,7 @@ int main(int argc, char *argv[]) print_error("--Lx not compatible with --Lc"); replace.flags |= LIST_C; break; - case 5 : // Ln + case 5 : /* Ln */ check_option(&replace.flags, LIST_N); if (replace.command != 'L') print_error("Use --Ln with -L"); @@ -2060,7 +2060,7 @@ int main(int argc, char *argv[]) print_error("--Lx not compatible with --Ln"); replace.flags |= LIST_N; break; - case 6 : // Lx + case 6 : /* Lx */ check_option(&replace.flags, LIST_X); if (replace.command != 'L') print_error("Use --Lx with -L"); @@ -2070,7 +2070,7 @@ int main(int argc, char *argv[]) print_error("--Lx not compatible with --Ln"); replace.flags |= LIST_X; break; - case 8 : // atomic-commit + case 8 : /* atomic-commit */ replace.command = c; if (replace.flags & OPT_COMMAND) print_error("Multiple commands not allowed"); diff --git a/extensions/ebt_arp.c b/extensions/ebt_arp.c index 7325270..6298d5e 100644 --- a/extensions/ebt_arp.c +++ b/extensions/ebt_arp.c @@ -23,7 +23,7 @@ static struct option opts[] = }; #define NUMOPCODES 9 -// a few names +/* a few names */ static char *opcodes[] = { "Request", @@ -64,7 +64,7 @@ static void init(struct ebt_entry_match *match) arpinfo->bitmask = 0; } -// defined in ebt_ip.c +/* defined in ebt_ip.c */ void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk); #define OPT_OPCODE 0x01 @@ -188,7 +188,7 @@ static void final_check(const struct ebt_u_entry *entry, "specified as ARP or RARP"); } -// defined in the ebt_ip.c +/* defined in the ebt_ip.c */ char *mask_to_dotted(uint32_t mask); static void print(const struct ebt_u_entry *entry, diff --git a/extensions/ebt_ip.c b/extensions/ebt_ip.c index 916d7af..36cb3c9 100644 --- a/extensions/ebt_ip.c +++ b/extensions/ebt_ip.c @@ -2,7 +2,7 @@ * ebtables ebt_ip: IP extension module for userspace * * Authors: - * Bart De Schuymer <bart.de.schuymer@pandora.be> + * Bart De Schuymer <bdschuym@pandora.be> * * Changes: * added ip-sport and ip-dport; parsing of port arguments is @@ -36,7 +36,7 @@ #define IP_SOURCE '1' #define IP_DEST '2' -#define IP_myTOS '3' // include/bits/in.h seems to already define IP_TOS +#define IP_myTOS '3' /* include/bits/in.h seems to already define IP_TOS */ #define IP_PROTO '4' #define IP_SPORT '5' #define IP_DPORT '6' @@ -57,9 +57,7 @@ static struct option opts[] = { 0 } }; -struct protoent *pe; - -// put the ip string into 4 bytes +/* put the ip string into 4 bytes */ static int undot_ip(char *ip, unsigned char *ip2) { char *p, *q, *end; @@ -89,7 +87,7 @@ static int undot_ip(char *ip, unsigned char *ip2) return 0; } -// put the mask into 4 bytes +/* put the mask into 4 bytes */ static int ip_mask(char *mask, unsigned char *mask2) { char *end; @@ -97,7 +95,7 @@ static int ip_mask(char *mask, unsigned char *mask2) uint32_t mask22; if (undot_ip(mask, mask2)) { - // not the /a.b.c.e format, maybe the /x format + /* not the /a.b.c.e format, maybe the /x format */ bits = strtol(mask, &end, 10); if (*end != '\0' || bits > 32 || bits < 0) return -1; @@ -112,12 +110,12 @@ static int ip_mask(char *mask, unsigned char *mask2) return 0; } -// set the ip mask and ip address +/* set the ip mask and ip address */ void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk) { char *p; - // first the mask + /* first the mask */ if ((p = strrchr(address, '/')) != NULL) { *p = '\0'; if (ip_mask(p + 1, (unsigned char *)msk)) @@ -131,7 +129,7 @@ void parse_ip_address(char *address, uint32_t *addr, uint32_t *msk) *addr = *addr & *msk; } -// transform the ip mask into a string ready for output +/* transform the ip mask into a string ready for output */ char *mask_to_dotted(uint32_t mask) { int i; @@ -140,14 +138,14 @@ char *mask_to_dotted(uint32_t mask) maskaddr = ntohl(mask); - // don't print /32 + /* don't print /32 */ if (mask == 0xFFFFFFFFL) { *buf = '\0'; return buf; } i = 32; - bits = 0xFFFFFFFEL; // case 0xFFFFFFFF has just been dealt with + bits = 0xFFFFFFFEL; /* case 0xFFFFFFFF has just been dealt with */ while (--i >= 0 && maskaddr != bits) bits <<= 1; @@ -156,7 +154,7 @@ char *mask_to_dotted(uint32_t mask) else if (!i) *buf = '\0'; else - // mask was not a decent combination of 1's and 0's + /* mask was not a decent combination of 1's and 0's */ sprintf(buf, "/%d.%d.%d.%d", ((unsigned char *)&mask)[0], ((unsigned char *)&mask)[1], ((unsigned char *)&mask)[2], ((unsigned char *)&mask)[3]); @@ -164,7 +162,7 @@ char *mask_to_dotted(uint32_t mask) return buf; } -// transform a protocol and service name into a port number +/* transform a protocol and service name into a port number */ static uint16_t parse_port(const char *protocol, const char *name) { struct servent *service; @@ -317,6 +315,8 @@ static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, print_error("Missing IP protocol argument"); (unsigned char) i = strtoul(argv[optind - 1], &end, 10); if (*end != '\0') { + struct protoent *pe; + pe = getprotobyname(argv[optind - 1]); if (pe == NULL) print_error @@ -384,6 +384,8 @@ static void print(const struct ebt_u_entry *entry, printf("0x%02X ", ipinfo->tos); } if (ipinfo->bitmask & EBT_IP_PROTO) { + struct protoent *pe; + printf("--ip-proto "); if (ipinfo->invflags & EBT_IP_PROTO) printf("! "); diff --git a/extensions/ebt_log.c b/extensions/ebt_log.c index c9461b5..3c2409f 100644 --- a/extensions/ebt_log.c +++ b/extensions/ebt_log.c @@ -5,16 +5,18 @@ #include "../include/ebtables_u.h" #include <linux/netfilter_bridge/ebt_log.h> -// copied from syslog.h -// used for the LOG target -#define LOG_EMERG 0 // system is unusable -#define LOG_ALERT 1 // action must be taken immediately -#define LOG_CRIT 2 // critical conditions -#define LOG_ERR 3 // error conditions -#define LOG_WARNING 4 // warning conditions -#define LOG_NOTICE 5 // normal but significant condition -#define LOG_INFO 6 // informational -#define LOG_DEBUG 7 // debug-level messages +/* + * copied from syslog.h + * used for the LOG target + */ +#define LOG_EMERG 0 /* system is unusable */ +#define LOG_ALERT 1 /* action must be taken immediately */ +#define LOG_CRIT 2 /* critical conditions */ +#define LOG_ERR 3 /* error conditions */ +#define LOG_WARNING 4 /* warning conditions */ +#define LOG_NOTICE 5 /* normal but significant condition */ +#define LOG_INFO 6 /* informational */ +#define LOG_DEBUG 7 /* debug-level messages */ #define LOG_DEFAULT_LEVEL LOG_INFO @@ -41,7 +43,7 @@ static int name_to_loglevel(char* arg) for (i = 0; i < 8; i++) if (!strcmp(arg, eight_priority[i].c_name)) return eight_priority[i].c_val; - // return bad loglevel + /* return bad loglevel */ return 9; } diff --git a/extensions/ebt_mark_m.c b/extensions/ebt_mark_m.c index 14b2540..4fdc41d 100644 --- a/extensions/ebt_mark_m.c +++ b/extensions/ebt_mark_m.c @@ -9,7 +9,7 @@ static struct option opts[] = { - { "mark" , required_argument, 0, MARK }, + { "mark", required_argument, 0, MARK }, { 0 } }; diff --git a/include/ebtables_u.h b/include/ebtables_u.h index bad8290..c1af715 100644 --- a/include/ebtables_u.h +++ b/include/ebtables_u.h @@ -30,9 +30,9 @@ struct ebt_u_entries { int policy; unsigned int nentries; - // counter offset for this chain + /* counter offset for this chain */ unsigned int counter_offset; - // used for udc + /* used for udc */ unsigned int hook_mask; char name[EBT_CHAIN_MAXNAMELEN]; struct ebt_u_entry *entries; @@ -42,7 +42,7 @@ struct ebt_u_chain_list { struct ebt_u_entries *udc; struct ebt_u_chain_list *next; - // this is only used internally, in communication.c + /* this is only used internally, in communication.c */ char *kernel_start; }; @@ -50,25 +50,29 @@ struct ebt_u_replace { char name[EBT_TABLE_MAXNAMELEN]; unsigned int valid_hooks; - // nr of rules in the table + /* nr of rules in the table */ unsigned int nentries; struct ebt_u_entries *hook_entry[NF_BR_NUMHOOKS]; - // user defined chains (udc) list + /* user defined chains (udc) list */ struct ebt_u_chain_list *udc; - // nr of counters userspace expects back + /* nr of counters userspace expects back */ unsigned int num_counters; - // where the kernel will put the old counters + /* where the kernel will put the old counters */ struct ebt_counter *counters; - // can be used e.g. to know if a standard option - // has been specified twice + /* + * can be used e.g. to know if a standard option + * has been specified twice + */ unsigned int flags; - // we stick the specified command (e.g. -A) in here + /* we stick the specified command (e.g. -A) in here */ char command; - // here we stick the hook to do our thing on (can be -1 if unspecified) + /* + * here we stick the hook to do our thing on (can be -1 if unspecified) + */ int selected_hook; - // used for the atomic option + /* used for the atomic option */ char *filename; - // tells what happened to the old rules + /* tells what happened to the old rules */ unsigned short *counterchanges; }; @@ -114,7 +118,7 @@ struct ebt_u_entry struct ebt_u_match { char name[EBT_FUNCTION_MAXNAMELEN]; - // size of the real match data + /* size of the real match data */ unsigned int size; void (*help)(void); void (*init)(struct ebt_entry_match *m); @@ -129,12 +133,16 @@ struct ebt_u_match int (*compare)(const struct ebt_entry_match *m1, const struct ebt_entry_match *m2); const struct option *extra_ops; - // can be used e.g. to check for multiple occurance of the same option + /* + * can be used e.g. to check for multiple occurance of the same option + */ unsigned int flags; unsigned int option_offset; struct ebt_entry_match *m; - // if used == 1 we no longer have to add it to - // the match chain of the new entry + /* + * if used == 1 we no longer have to add it to + * the match chain of the new entry + */ unsigned int used; struct ebt_u_match *next; }; @@ -207,7 +215,7 @@ void __print_bug(char *file, int line, char *format, ...); #define print_memory() {printf("Ebtables: " __FILE__ " " __FUNCTION__ \ " %d :Out of memory.\n", __LINE__); exit(-1);} -// used for keeping the rule counters right during rule adds or deletes +/* used for keeping the rule counters right during rule adds or deletes */ #define CNT_NORM 0 #define CNT_DEL 1 #define CNT_ADD 2 @@ -215,8 +223,10 @@ void __print_bug(char *file, int line, char *format, ...); #define CNT_ZERO 4 extern char *standard_targets[NUM_STANDARD_TARGETS]; -// Transforms a target string into the right integer, -// returns 0 on success. +/* + * Transforms a target string into the right integer, + * returns 0 on success. + */ #define FILL_TARGET(_str, _pos) ({ \ int _i, _ret = 0; \ for (_i = 0; _i < NUM_STANDARD_TARGETS; _i++) \ @@ -229,12 +239,12 @@ extern char *standard_targets[NUM_STANDARD_TARGETS]; _ret; \ }) -// Transforms the target value to an index into standard_targets[] +/* Transforms the target value to an index into standard_targets[] */ #define TARGET_INDEX(_value) (-_value - 1) -// Returns a target string corresponding to the value +/* Returns a target string corresponding to the value */ #define TARGET_NAME(_value) (standard_targets[TARGET_INDEX(_value)]) -// True if the hook mask denotes that the rule is in a base chain +/* True if the hook mask denotes that the rule is in a base chain */ #define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS)) -// Clear the bit in the hook_mask that tells if the rule is on a base chain +/* Clear the bit in the hook_mask that tells if the rule is on a base chain */ #define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS)) #endif /* EBTABLES_U_H */ |