Merge branch 'master' of git://dev.medozas.de/iptables

11 files changed, 73 insertions, 67 deletions

diff --git a/.gitignore b/.gitignore
index 116de2c3..97c30045 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,7 +18,7 @@ Makefile.in
 /extensions/targets?.man
 
 /include/xtables.h
-/include/xtables/internal.h
+/include/iptables/internal.h
 
 /aclocal.m4
 /autom4te*.cache
diff --git a/Makefile.am b/Makefile.am
index 96de1b2e..dbdfa97a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,11 +15,12 @@ libiptc_libiptc_a_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c
 lib_LTLIBRARIES       = libxtables.la
 libxtables_la_SOURCES = xtables.c
 libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
+libxtables_la_LIBADD  = -ldl
 
 # iptables, dynamic
 iptables_SOURCES          = iptables-standalone.c iptables.c
 iptables_LDFLAGS          = -rdynamic
-iptables_LDADD            = -ldl -lm libiptc/libiptc.a extensions/libext4.a libxtables.la
+iptables_LDADD            = -lm libiptc/libiptc.a extensions/libext4.a libxtables.la
 
 iptables_xml_LDADD        = -ldl libxtables.la
 iptables_multi_SOURCES    = iptables-multi.c iptables-save.c \
@@ -47,7 +48,7 @@ iptables_xml_SOURCES      = iptables-xml.c
 # ip6tables, dynamic
 ip6tables_SOURCES         = ip6tables-standalone.c ip6tables.c
 ip6tables_LDFLAGS         = -rdynamic
-ip6tables_LDADD           = -ldl -lm libiptc/libiptc.a extensions/libext6.a libxtables.la
+ip6tables_LDADD           = -lm libiptc/libiptc.a extensions/libext6.a libxtables.la
 
 ip6tables_multi_SOURCES   = ip6tables-multi.c ip6tables-save.c \
                             ip6tables-restore.c ip6tables-standalone.c \
@@ -105,7 +106,7 @@ tarball:
 	tar -C /tmp -cjf ${PACKAGE_TARNAME}-${PACKAGE_VERSION}.tar.bz2 --owner=root --group=root ${PACKAGE_TARNAME}-${PACKAGE_VERSION}/;
 	rm -Rf /tmp/${PACKAGE_TARNAME}-${PACKAGE_VERSION};
 
-config.status: include/xtables.h.in
+config.status: include/xtables.h.in include/iptables/internal.h.in
 
 # ldconfig may fail when we are not root (as is the case in build systems)
 # so add appropriate protection that it does not let `make` fail.
diff --git a/configure.ac b/configure.ac
index bb32130c..888ba429 100644
--- a/configure.ac
+++ b/configure.ac
@@ -79,5 +79,5 @@ libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage));
 AC_SUBST([libxtables_vmajor])
 
 AC_CONFIG_FILES([Makefile extensions/GNUmakefile libipq/Makefile
-	include/xtables.h include/xtables/internal.h xtables.pc])
+	include/xtables.h include/iptables/internal.h xtables.pc])
 AC_OUTPUT
diff --git a/include/ip6tables.h b/include/ip6tables.h
index 1956cf06..86587e6f 100644
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -4,16 +4,7 @@
 #include <netinet/ip.h>
 #include <xtables.h>
 #include <libiptc/libip6tc.h>
-
-#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */
-#define IP6T_SO_GET_REVISION_MATCH	68
-#define IP6T_SO_GET_REVISION_TARGET	69
-#endif /* IP6T_SO_GET_REVISION_MATCH   Old kernel source */
-
-#define ip6tables_rule_match	xtables_rule_match
-#define ip6t_tryload		xt_tryload
-
-extern int line;
+#include <iptables/internal.h>
 
 /* Your shared library should call one of these. */
 extern int do_command6(int argc, char *argv[], char **table,
diff --git a/include/iptables.h b/include/iptables.h
index f7ae0cc5..f0aa3455 100644
--- a/include/iptables.h
+++ b/include/iptables.h
@@ -4,16 +4,7 @@
 #include <netinet/ip.h>
 #include <xtables.h>
 #include <libiptc/libiptc.h>
-
-#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
-#define IPT_SO_GET_REVISION_MATCH	(IPT_BASE_CTL + 2)
-#define IPT_SO_GET_REVISION_TARGET	(IPT_BASE_CTL + 3)
-#endif /* IPT_SO_GET_REVISION_MATCH   Old kernel source */
-
-#define iptables_rule_match	xtables_rule_match
-#define ipt_tryload		xt_tryload
-
-extern int line;
+#include <iptables/internal.h>
 
 /* Your shared library should call one of these. */
 extern int do_command(int argc, char *argv[], char **table,
diff --git a/include/iptables/internal.h.in b/include/iptables/internal.h.in
new file mode 100644
index 00000000..8568e581
--- /dev/null
+++ b/include/iptables/internal.h.in
@@ -0,0 +1,13 @@
+#ifndef IPTABLES_INTERNAL_H
+#define IPTABLES_INTERNAL_H 1
+
+#define IPTABLES_VERSION "@PACKAGE_VERSION@"
+
+/**
+ * Program's own name and version.
+ */
+extern const char *program_name, *program_version;
+
+extern int line;
+
+#endif /* IPTABLES_INTERNAL_H */
diff --git a/include/xtables.h.in b/include/xtables.h.in
index da7ee6b9..6712aac0 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -269,10 +269,15 @@ extern const struct xtables_pprot xtables_chain_protos[];
 extern u_int16_t xtables_parse_protocol(const char *s);
 
 #ifdef XTABLES_INTERNAL
+
+/* Shipped modules rely on this... */
+
 #	ifndef ARRAY_SIZE
 #		define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
 #	endif
-#	include <xtables/internal.h>
+
+extern void _init(void);
+
 #endif
 
 #endif /* _XTABLES_H */
diff --git a/include/xtables/internal.h.in b/include/xtables/internal.h.in
deleted file mode 100644
index 81ddb48a..00000000
--- a/include/xtables/internal.h.in
+++ /dev/null
@@ -1,17 +0,0 @@
-#ifndef _XTABLES_INTERNAL_H
-#define _XTABLES_INTERNAL_H 1
-
-#define IPTABLES_VERSION "@PACKAGE_VERSION@"
-
-#ifndef XT_LIB_DIR
-#	define XT_LIB_DIR "/usr/local/lib/iptables"
-#endif
-
-/**
- * Program's own name and version.
- */
-extern const char *program_name, *program_version;
-
-extern void _init(void);
-
-#endif /* _XTABLES_INTERNAL_H */
diff --git a/ip6tables.c b/ip6tables.c
index 9262b141..a73ea9ae 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -247,9 +247,9 @@ exit_tryhelp(int status)
 }
 
 static void
-exit_printhelp(struct ip6tables_rule_match *matches)
+exit_printhelp(struct xtables_rule_match *matches)
 {
-	struct ip6tables_rule_match *matchp = NULL;
+	struct xtables_rule_match *matchp = NULL;
 	struct xtables_target *t = NULL;
 
 	printf("%s v%s\n\n"
@@ -434,7 +434,7 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds,
 /* Christophe Burki wants `-p 6' to imply `-m tcp'.  */
 static struct xtables_match *
 find_proto(const char *pname, enum xtables_tryload tryload,
-	   int nolookup, struct ip6tables_rule_match **matches)
+	   int nolookup, struct xtables_rule_match **matches)
 {
 	unsigned int proto;
 
@@ -847,11 +847,11 @@ insert_entry(const ip6t_chainlabel chain,
 }
 
 static unsigned char *
-make_delete_mask(struct ip6t_entry *fw, struct ip6tables_rule_match *matches)
+make_delete_mask(struct ip6t_entry *fw, struct xtables_rule_match *matches)
 {
 	/* Establish mask for comparison */
 	unsigned int size;
-	struct ip6tables_rule_match *matchp;
+	struct xtables_rule_match *matchp;
 	unsigned char *mask, *mptr;
 
 	size = sizeof(struct ip6t_entry);
@@ -888,7 +888,7 @@ delete_entry(const ip6t_chainlabel chain,
 	     const struct in6_addr daddrs[],
 	     int verbose,
 	     struct ip6tc_handle *handle,
-	     struct ip6tables_rule_match *matches)
+	     struct xtables_rule_match *matches)
 {
 	unsigned int i, j;
 	int ret = 1;
@@ -1279,11 +1279,11 @@ list_rules(const ip6t_chainlabel chain, int rulenum, int counters,
 
 static struct ip6t_entry *
 generate_entry(const struct ip6t_entry *fw,
-	       struct ip6tables_rule_match *matches,
+	       struct xtables_rule_match *matches,
 	       struct ip6t_entry_target *target)
 {
 	unsigned int size;
-	struct ip6tables_rule_match *matchp;
+	struct xtables_rule_match *matchp;
 	struct ip6t_entry *e;
 
 	size = sizeof(struct ip6t_entry);
@@ -1305,9 +1305,9 @@ generate_entry(const struct ip6t_entry *fw,
 	return e;
 }
 
-static void clear_rule_matches(struct ip6tables_rule_match **matches)
+static void clear_rule_matches(struct xtables_rule_match **matches)
 {
-	struct ip6tables_rule_match *matchp, *tmp;
+	struct xtables_rule_match *matchp, *tmp;
 
 	for (matchp = *matches; matchp;) {
 		tmp = matchp->next;
@@ -1350,8 +1350,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 	const char *pcnt = NULL, *bcnt = NULL;
 	int ret = 1;
 	struct xtables_match *m;
-	struct ip6tables_rule_match *matches = NULL;
-	struct ip6tables_rule_match *matchp;
+	struct xtables_rule_match *matches = NULL;
+	struct xtables_rule_match *matchp;
 	struct xtables_target *target = NULL;
 	struct xtables_target *t;
 	const char *jumpto = "";
diff --git a/iptables.c b/iptables.c
index fe28e504..b90952dc 100644
--- a/iptables.c
+++ b/iptables.c
@@ -260,9 +260,9 @@ exit_tryhelp(int status)
 }
 
 static void
-exit_printhelp(struct iptables_rule_match *matches)
+exit_printhelp(struct xtables_rule_match *matches)
 {
-	struct iptables_rule_match *matchp = NULL;
+	struct xtables_rule_match *matchp = NULL;
 	struct xtables_target *t = NULL;
 
 	printf("%s v%s\n\n"
@@ -447,7 +447,7 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds,
 /* Christophe Burki wants `-p 6' to imply `-m tcp'.  */
 static struct xtables_match *
 find_proto(const char *pname, enum xtables_tryload tryload,
-	   int nolookup, struct iptables_rule_match **matches)
+	   int nolookup, struct xtables_rule_match **matches)
 {
 	unsigned int proto;
 
@@ -851,11 +851,11 @@ insert_entry(const ipt_chainlabel chain,
 }
 
 static unsigned char *
-make_delete_mask(struct ipt_entry *fw, struct iptables_rule_match *matches)
+make_delete_mask(struct ipt_entry *fw, struct xtables_rule_match *matches)
 {
 	/* Establish mask for comparison */
 	unsigned int size;
-	struct iptables_rule_match *matchp;
+	struct xtables_rule_match *matchp;
 	unsigned char *mask, *mptr;
 
 	size = sizeof(struct ipt_entry);
@@ -892,7 +892,7 @@ delete_entry(const ipt_chainlabel chain,
 	     const struct in_addr daddrs[],
 	     int verbose,
 	     struct iptc_handle *handle,
-	     struct iptables_rule_match *matches)
+	     struct xtables_rule_match *matches)
 {
 	unsigned int i, j;
 	int ret = 1;
@@ -1289,11 +1289,11 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters,
 
 static struct ipt_entry *
 generate_entry(const struct ipt_entry *fw,
-	       struct iptables_rule_match *matches,
+	       struct xtables_rule_match *matches,
 	       struct ipt_entry_target *target)
 {
 	unsigned int size;
-	struct iptables_rule_match *matchp;
+	struct xtables_rule_match *matchp;
 	struct ipt_entry *e;
 
 	size = sizeof(struct ipt_entry);
@@ -1315,9 +1315,9 @@ generate_entry(const struct ipt_entry *fw,
 	return e;
 }
 
-static void clear_rule_matches(struct iptables_rule_match **matches)
+static void clear_rule_matches(struct xtables_rule_match **matches)
 {
-	struct iptables_rule_match *matchp, *tmp;
+	struct xtables_rule_match *matchp, *tmp;
 
 	for (matchp = *matches; matchp;) {
 		tmp = matchp->next;
@@ -1374,8 +1374,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 	const char *pcnt = NULL, *bcnt = NULL;
 	int ret = 1;
 	struct xtables_match *m;
-	struct iptables_rule_match *matches = NULL;
-	struct iptables_rule_match *matchp;
+	struct xtables_rule_match *matches = NULL;
+	struct xtables_rule_match *matchp;
 	struct xtables_target *target = NULL;
 	struct xtables_target *t;
 	const char *jumpto = "";
diff --git a/xtables.c b/xtables.c
index 8e28d5eb..02bfc17a 100644
--- a/xtables.c
+++ b/xtables.c
@@ -39,6 +39,15 @@
 #ifndef NO_SHARED_LIBS
 #include <dlfcn.h>
 #endif
+#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
+#	define IPT_SO_GET_REVISION_MATCH	(IPT_BASE_CTL + 2)
+#	define IPT_SO_GET_REVISION_TARGET	(IPT_BASE_CTL + 3)
+#endif
+#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */
+#	define IP6T_SO_GET_REVISION_MATCH	68
+#	define IP6T_SO_GET_REVISION_TARGET	69
+#endif
+
 
 #define NPROTO	255
 
@@ -163,6 +172,19 @@ void xtables_init(void)
 		        "use XTABLES_LIBDIR.\n");
 		return;
 	}
+	/*
+	 * Well yes, IP6TABLES_LIB_DIR is of lower priority over
+	 * IPTABLES_LIB_DIR since this moved to libxtables; I think that is ok
+	 * for these env vars are deprecated anyhow, and in light of the
+	 * (shared) libxt_*.so files, makes less sense to have
+	 * IPTABLES_LIB_DIR != IP6TABLES_LIB_DIR.
+	 */
+	xtables_libdir = getenv("IP6TABLES_LIB_DIR");
+	if (xtables_libdir != NULL) {
+		fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated, "
+		        "use XTABLES_LIBDIR.\n");
+		return;
+	}
 	xtables_libdir = XTABLES_LIBDIR;
 }