authorAndrás Kis-Szabó <kisza@securityaudit.hu>2002-08-14 11:40:41 +0000
committerHarald Welte <laforge@gnumonks.org>2002-08-14 11:40:41 +0000
commit0c4188f446e7c0ed07076c69d1d7f336a92efc8b (patch)
tree5f5672a529928f4599b8cbe65046372e840b0676
parentf4e6683c5a4c80e494a2167d1a64d1b9c63587aa (diff)
minor fixes by kisza:
- remove -C(check) function from ip6tables - -M added to the getopts()'s list (missed) - small change in the iptables help - remove some unused code - some GPL notice added
-rw-r--r--ip6tables-restore.c9
-rw-r--r--ip6tables-save.c5
-rw-r--r--ip6tables.c100
-rw-r--r--iptables.c2
4 files changed, 10 insertions, 106 deletions
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index f4a86975..66801133 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -5,8 +5,9 @@
* Authors:
* Harald Welte <laforge@gnumonks.org>
* Rusty Russell <rusty@linuxcare.com.au>
+ * This code is distributed under the terms of GNU GPL v2
*
- * $Id: ip6tables-restore.c,v 1.8 2002/03/03 09:44:31 laforge Exp $
+ * $Id: ip6tables-restore.c,v 1.9 2002/05/29 13:08:15 laforge Exp $
*/
#include <getopt.h>
@@ -23,12 +24,6 @@
#define DEBUGP(x, args...)
#endif
-/*
-extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
-extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
-extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
-*/
-
static int binary = 0, counters = 0, verbose = 0, noflush = 0;
/* Keeping track of external matches and targets. */
diff --git a/ip6tables-save.c b/ip6tables-save.c
index 1a11bff4..b9dbd80e 100644
--- a/ip6tables-save.c
+++ b/ip6tables-save.c
@@ -3,6 +3,7 @@
* Original code: iptables-save
* Authors: Paul 'Rusty' Russel <rusty@linuxcare.com.au> and
* Harald Welte <laforge@gnumonks.org>
+ * This code is distributed under the terms of GNU GPL v2
*/
#include <getopt.h>
#include <sys/errno.h>
@@ -27,10 +28,6 @@ static struct option options[] = {
{ 0 }
};
-/*
-extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload tryload);
-extern struct ip6tables_target *find_target(const char *name, enum ip6t_tryload tryload);
-*/
/* This assumes that mask is contiguous, and byte-bounded. */
static void
diff --git a/ip6tables.c b/ip6tables.c
index ed607d9b..a26ff8c2 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -89,7 +89,7 @@
#define CMD_RENAME_CHAIN 0x1000U
#define NUMBER_OF_CMD 13
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'C', 'E' };
+ 'N', 'X', 'P', 'E' };
#define OPTION_OFFSET 256
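Review bot: Dropping 'C' leaves `cmdflags` with 12 entries, while the unchanged context lines just above still read `#define NUMBER_OF_CMD 13` and `#define CMD_RENAME_CHAIN 0x1000U`. If `cmd2char()` (defined outside this diff) or any table sized by NUMBER_OF_CMD indexes by the command's bit position, 'E' now sits in the slot that belonged to the removed check command. A lookup for rename-chain would then read one element past the end of the array. Either keep the slot with a placeholder entry, or renumber together with `#define CMD_RENAME_CHAIN 0x0800U` and `#define NUMBER_OF_CMD 12`, adjusting any per-command table that has NUMBER_OF_CMD rows.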
@@ -117,7 +117,6 @@ static struct option original_opts[] = {
{ "list", 2, 0, 'L' },
{ "flush", 2, 0, 'F' },
{ "zero", 2, 0, 'Z' },
- { "check", 1, 0, 'C' },
{ "new-chain", 1, 0, 'N' },
{ "delete-chain", 2, 0, 'X' },
{ "rename-chain", 2, 0, 'E' },
@@ -147,7 +146,7 @@ static struct option original_opts[] = {
struct ip6t_entry_target *
ip6t_get_target(struct ip6t_entry *e)
{
- return (void *)e + e->target_offset;
+ return (void *)e + e->target_offset;
}
#endif
@@ -291,7 +290,7 @@ exit_printhelp(void)
struct ip6tables_target *t = NULL;
printf("%s v%s\n\n"
-"Usage: %s -[ADC] chain rule-specification [options]\n"
+"Usage: %s -[AD] chain rule-specification [options]\n"
" %s -[RI] chain rulenum rule-specification [options]\n"
" %s -D chain rulenum [options]\n"
" %s -[LFZ] [chain] [options]\n"
@@ -317,7 +316,6 @@ exit_printhelp(void)
" --list -L [chain] List the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
" --zero -Z [chain] Zero counters in chain or all chains\n"
-" --check -C chain Test this packet on chain\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -756,7 +754,6 @@ find_match(const char *name, enum ip6t_tryload tryload)
if (ptr)
ptr->used = 1;
-
return ptr;
}
@@ -1424,36 +1421,6 @@ delete_entry(const ip6t_chainlabel chain,
return ret;
}
-static int
-check_packet(const ip6t_chainlabel chain,
- struct ip6t_entry *fw,
- unsigned int nsaddrs,
- const struct in6_addr saddrs[],
- unsigned int ndaddrs,
- const struct in6_addr daddrs[],
- int verbose,
- ip6tc_handle_t *handle)
-{
- int ret = 1;
- unsigned int i, j;
- const char *msg;
-
- for (i = 0; i < nsaddrs; i++) {
- fw->ipv6.src = saddrs[i];
- for (j = 0; j < ndaddrs; j++) {
- fw->ipv6.dst = daddrs[j];
- if (verbose)
- print_firewall_line(fw, *handle);
- msg = ip6tc_check_packet(chain, fw, handle);
- if (!msg) ret = 0;
- else printf("%s\n", msg);
- }
- }
-
- return ret;
-}
-
-/*static int*/
int
for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *),
int verbose, int builtinstoo, ip6tc_handle_t *handle)
@@ -1721,7 +1688,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
opterr = 0;
while ((c = getopt_long(argc, argv,
- "-A:C:D:R:I:L::F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:",
+ "-A:D:R:I:L::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:",
opts, NULL)) != -1) {
switch (c) {
/*
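Review bot: The short-option string passed to `getopt_long()` is maintained by hand, separately from the `struct option` table, and this commit has to add `M:` because it was missed earlier. A comment above the call, such as `/* every short option in the long-option table must also be listed here */`, would make that coupling explicit. The hunk does not show a `case 'M':` arm, so confirm that the switch handles it rather than letting it reach the default branch. do_command6 starts and ends outside the hunk.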
@@ -1744,12 +1711,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
}
break;
- case 'C':
- add_command(&command, CMD_CHECK, CMD_NONE,
- invert);
- chain = optarg;
- break;
-
case 'R':
add_command(&command, CMD_REPLACE, CMD_NONE,
invert);
@@ -2061,32 +2022,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
&m->m))
break;
}
-
- /* If you listen carefully, you can
- actually hear this code suck. */
- if (m == NULL
- && protocol
- && !find_proto(protocol, DONT_LOAD,
- options&OPT_NUMERIC)
- && (m = find_proto(protocol, TRY_LOAD,
- options&OPT_NUMERIC))) {
- /* Try loading protocol */
- size_t size;
-
- size = IP6T_ALIGN(sizeof(struct ip6t_entry_match))
- + m->size;
-
- m->m = fw_calloc(1, size);
- m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->name);
- m->init(m->m, &fw.nfcache);
-
- opts = merge_options(opts,
- m->extra_opts, &m->option_offset);
-
- optind--;
- continue;
- }
if (!m)
exit_error(PARAMETER_PROBLEM,
"Unknown arg `%s'",
@@ -2117,8 +2052,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
exit_error(PARAMETER_PROBLEM,
"nothing appropriate following !");
- if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND |
- CMD_CHECK)) {
+ if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) {
if (!(options & OPT_DESTINATION))
dhostnetworkmask = "::0/0";
if (!(options & OPT_SOURCE))
@@ -2138,10 +2072,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
exit_error(PARAMETER_PROBLEM, "! not allowed with multiple"
" source or destination IP addresses");
- if (command == CMD_CHECK && fw.ipv6.invflags != 0)
- exit_error(PARAMETER_PROBLEM, "! not allowed with -%c",
- cmd2char(CMD_CHECK));
-
if (command == CMD_REPLACE && (nsaddrs != 1 || ndaddrs != 1))
exit_error(PARAMETER_PROBLEM, "Replacement rule does not "
"specify a unique address");
@@ -2168,8 +2098,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
"can't initialize ip6tables table `%s': %s",
*table, ip6tc_strerror(errno));
- if (command == CMD_CHECK
- || command == CMD_APPEND
+ if (command == CMD_APPEND
|| command == CMD_DELETE
|| command == CMD_INSERT
|| command == CMD_REPLACE) {
@@ -2181,12 +2110,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEOUT),
chain);
- /* -i required with -C */
- if (command == CMD_CHECK && !(options & OPT_VIANAMEIN))
- exit_error(PARAMETER_PROBLEM,
- "Need -%c with %s\n",
- opt2char(OPT_VIANAMEIN),
- chain);
}
if (strcmp(chain, "POSTROUTING") == 0
@@ -2197,12 +2120,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
"Can't use -%c with %s\n",
opt2char(OPT_VIANAMEIN),
chain);
- /* -o required with -C */
- if (command == CMD_CHECK && !(options&OPT_VIANAMEOUT))
- exit_error(PARAMETER_PROBLEM,
- "Need -%c with %s\n",
- opt2char(OPT_VIANAMEOUT),
- chain);
}
if (target && ip6tc_is_chain(jumpto, *handle)) {
@@ -2248,11 +2165,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
options&OPT_VERBOSE,
handle);
break;
- case CMD_CHECK:
- ret = check_packet(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
- options&OPT_VERBOSE, handle);
- break;
case CMD_DELETE:
ret = delete_entry(chain, e,
nsaddrs, saddrs, ndaddrs, daddrs,
diff --git a/iptables.c b/iptables.c
index 1f889025..cd3c1fe2 100644
--- a/iptables.c
+++ b/iptables.c
@@ -342,7 +342,7 @@ exit_printhelp(void)
struct iptables_target *t = NULL;
printf("%s v%s\n\n"
-"Usage: %s -[ADC] chain rule-specification [options]\n"
+"Usage: %s -[AD] chain rule-specification [options]\n"
" %s -[RI] chain rulenum rule-specification [options]\n"
" %s -D chain rulenum [options]\n"
" %s -[LFZ] [chain] [options]\n"