diff options
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | Makefile.am | 7 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | include/ip6tables.h | 11 | ||||
-rw-r--r-- | include/iptables.h | 11 | ||||
-rw-r--r-- | include/iptables/internal.h.in | 13 | ||||
-rw-r--r-- | include/xtables.h.in | 7 | ||||
-rw-r--r-- | include/xtables/internal.h.in | 17 | ||||
-rw-r--r-- | ip6tables.c | 24 | ||||
-rw-r--r-- | iptables.c | 24 | ||||
-rw-r--r-- | xtables.c | 22 |
11 files changed, 73 insertions, 67 deletions
@@ -18,7 +18,7 @@ Makefile.in /extensions/targets?.man /include/xtables.h -/include/xtables/internal.h +/include/iptables/internal.h /aclocal.m4 /autom4te*.cache diff --git a/Makefile.am b/Makefile.am index 96de1b2e..dbdfa97a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -15,11 +15,12 @@ libiptc_libiptc_a_SOURCES = libiptc/libip4tc.c libiptc/libip6tc.c lib_LTLIBRARIES = libxtables.la libxtables_la_SOURCES = xtables.c libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage} +libxtables_la_LIBADD = -ldl # iptables, dynamic iptables_SOURCES = iptables-standalone.c iptables.c iptables_LDFLAGS = -rdynamic -iptables_LDADD = -ldl -lm libiptc/libiptc.a extensions/libext4.a libxtables.la +iptables_LDADD = -lm libiptc/libiptc.a extensions/libext4.a libxtables.la iptables_xml_LDADD = -ldl libxtables.la iptables_multi_SOURCES = iptables-multi.c iptables-save.c \ @@ -47,7 +48,7 @@ iptables_xml_SOURCES = iptables-xml.c # ip6tables, dynamic ip6tables_SOURCES = ip6tables-standalone.c ip6tables.c ip6tables_LDFLAGS = -rdynamic -ip6tables_LDADD = -ldl -lm libiptc/libiptc.a extensions/libext6.a libxtables.la +ip6tables_LDADD = -lm libiptc/libiptc.a extensions/libext6.a libxtables.la ip6tables_multi_SOURCES = ip6tables-multi.c ip6tables-save.c \ ip6tables-restore.c ip6tables-standalone.c \ @@ -105,7 +106,7 @@ tarball: tar -C /tmp -cjf ${PACKAGE_TARNAME}-${PACKAGE_VERSION}.tar.bz2 --owner=root --group=root ${PACKAGE_TARNAME}-${PACKAGE_VERSION}/; rm -Rf /tmp/${PACKAGE_TARNAME}-${PACKAGE_VERSION}; -config.status: include/xtables.h.in +config.status: include/xtables.h.in include/iptables/internal.h.in # ldconfig may fail when we are not root (as is the case in build systems) # so add appropriate protection that it does not let `make` fail. diff --git a/configure.ac b/configure.ac index bb32130c..888ba429 100644 --- a/configure.ac +++ b/configure.ac @@ -79,5 +79,5 @@ libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage)); AC_SUBST([libxtables_vmajor]) AC_CONFIG_FILES([Makefile extensions/GNUmakefile libipq/Makefile - include/xtables.h include/xtables/internal.h xtables.pc]) + include/xtables.h include/iptables/internal.h xtables.pc]) AC_OUTPUT diff --git a/include/ip6tables.h b/include/ip6tables.h index 1956cf06..86587e6f 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -4,16 +4,7 @@ #include <netinet/ip.h> #include <xtables.h> #include <libiptc/libip6tc.h> - -#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */ -#define IP6T_SO_GET_REVISION_MATCH 68 -#define IP6T_SO_GET_REVISION_TARGET 69 -#endif /* IP6T_SO_GET_REVISION_MATCH Old kernel source */ - -#define ip6tables_rule_match xtables_rule_match -#define ip6t_tryload xt_tryload - -extern int line; +#include <iptables/internal.h> /* Your shared library should call one of these. */ extern int do_command6(int argc, char *argv[], char **table, diff --git a/include/iptables.h b/include/iptables.h index f7ae0cc5..f0aa3455 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -4,16 +4,7 @@ #include <netinet/ip.h> #include <xtables.h> #include <libiptc/libiptc.h> - -#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */ -#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) -#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) -#endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */ - -#define iptables_rule_match xtables_rule_match -#define ipt_tryload xt_tryload - -extern int line; +#include <iptables/internal.h> /* Your shared library should call one of these. */ extern int do_command(int argc, char *argv[], char **table, diff --git a/include/iptables/internal.h.in b/include/iptables/internal.h.in new file mode 100644 index 00000000..8568e581 --- /dev/null +++ b/include/iptables/internal.h.in @@ -0,0 +1,13 @@ +#ifndef IPTABLES_INTERNAL_H +#define IPTABLES_INTERNAL_H 1 + +#define IPTABLES_VERSION "@PACKAGE_VERSION@" + +/** + * Program's own name and version. + */ +extern const char *program_name, *program_version; + +extern int line; + +#endif /* IPTABLES_INTERNAL_H */ diff --git a/include/xtables.h.in b/include/xtables.h.in index da7ee6b9..6712aac0 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -269,10 +269,15 @@ extern const struct xtables_pprot xtables_chain_protos[]; extern u_int16_t xtables_parse_protocol(const char *s); #ifdef XTABLES_INTERNAL + +/* Shipped modules rely on this... */ + # ifndef ARRAY_SIZE # define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) # endif -# include <xtables/internal.h> + +extern void _init(void); + #endif #endif /* _XTABLES_H */ diff --git a/include/xtables/internal.h.in b/include/xtables/internal.h.in deleted file mode 100644 index 81ddb48a..00000000 --- a/include/xtables/internal.h.in +++ /dev/null @@ -1,17 +0,0 @@ -#ifndef _XTABLES_INTERNAL_H -#define _XTABLES_INTERNAL_H 1 - -#define IPTABLES_VERSION "@PACKAGE_VERSION@" - -#ifndef XT_LIB_DIR -# define XT_LIB_DIR "/usr/local/lib/iptables" -#endif - -/** - * Program's own name and version. - */ -extern const char *program_name, *program_version; - -extern void _init(void); - -#endif /* _XTABLES_INTERNAL_H */ diff --git a/ip6tables.c b/ip6tables.c index 9262b141..a73ea9ae 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -247,9 +247,9 @@ exit_tryhelp(int status) } static void -exit_printhelp(struct ip6tables_rule_match *matches) +exit_printhelp(struct xtables_rule_match *matches) { - struct ip6tables_rule_match *matchp = NULL; + struct xtables_rule_match *matchp = NULL; struct xtables_target *t = NULL; printf("%s v%s\n\n" @@ -434,7 +434,7 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds, /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ static struct xtables_match * find_proto(const char *pname, enum xtables_tryload tryload, - int nolookup, struct ip6tables_rule_match **matches) + int nolookup, struct xtables_rule_match **matches) { unsigned int proto; @@ -847,11 +847,11 @@ insert_entry(const ip6t_chainlabel chain, } static unsigned char * -make_delete_mask(struct ip6t_entry *fw, struct ip6tables_rule_match *matches) +make_delete_mask(struct ip6t_entry *fw, struct xtables_rule_match *matches) { /* Establish mask for comparison */ unsigned int size; - struct ip6tables_rule_match *matchp; + struct xtables_rule_match *matchp; unsigned char *mask, *mptr; size = sizeof(struct ip6t_entry); @@ -888,7 +888,7 @@ delete_entry(const ip6t_chainlabel chain, const struct in6_addr daddrs[], int verbose, struct ip6tc_handle *handle, - struct ip6tables_rule_match *matches) + struct xtables_rule_match *matches) { unsigned int i, j; int ret = 1; @@ -1279,11 +1279,11 @@ list_rules(const ip6t_chainlabel chain, int rulenum, int counters, static struct ip6t_entry * generate_entry(const struct ip6t_entry *fw, - struct ip6tables_rule_match *matches, + struct xtables_rule_match *matches, struct ip6t_entry_target *target) { unsigned int size; - struct ip6tables_rule_match *matchp; + struct xtables_rule_match *matchp; struct ip6t_entry *e; size = sizeof(struct ip6t_entry); @@ -1305,9 +1305,9 @@ generate_entry(const struct ip6t_entry *fw, return e; } -static void clear_rule_matches(struct ip6tables_rule_match **matches) +static void clear_rule_matches(struct xtables_rule_match **matches) { - struct ip6tables_rule_match *matchp, *tmp; + struct xtables_rule_match *matchp, *tmp; for (matchp = *matches; matchp;) { tmp = matchp->next; @@ -1350,8 +1350,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand const char *pcnt = NULL, *bcnt = NULL; int ret = 1; struct xtables_match *m; - struct ip6tables_rule_match *matches = NULL; - struct ip6tables_rule_match *matchp; + struct xtables_rule_match *matches = NULL; + struct xtables_rule_match *matchp; struct xtables_target *target = NULL; struct xtables_target *t; const char *jumpto = ""; @@ -260,9 +260,9 @@ exit_tryhelp(int status) } static void -exit_printhelp(struct iptables_rule_match *matches) +exit_printhelp(struct xtables_rule_match *matches) { - struct iptables_rule_match *matchp = NULL; + struct xtables_rule_match *matchp = NULL; struct xtables_target *t = NULL; printf("%s v%s\n\n" @@ -447,7 +447,7 @@ add_command(unsigned int *cmd, const int newcmd, const int othercmds, /* Christophe Burki wants `-p 6' to imply `-m tcp'. */ static struct xtables_match * find_proto(const char *pname, enum xtables_tryload tryload, - int nolookup, struct iptables_rule_match **matches) + int nolookup, struct xtables_rule_match **matches) { unsigned int proto; @@ -851,11 +851,11 @@ insert_entry(const ipt_chainlabel chain, } static unsigned char * -make_delete_mask(struct ipt_entry *fw, struct iptables_rule_match *matches) +make_delete_mask(struct ipt_entry *fw, struct xtables_rule_match *matches) { /* Establish mask for comparison */ unsigned int size; - struct iptables_rule_match *matchp; + struct xtables_rule_match *matchp; unsigned char *mask, *mptr; size = sizeof(struct ipt_entry); @@ -892,7 +892,7 @@ delete_entry(const ipt_chainlabel chain, const struct in_addr daddrs[], int verbose, struct iptc_handle *handle, - struct iptables_rule_match *matches) + struct xtables_rule_match *matches) { unsigned int i, j; int ret = 1; @@ -1289,11 +1289,11 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters, static struct ipt_entry * generate_entry(const struct ipt_entry *fw, - struct iptables_rule_match *matches, + struct xtables_rule_match *matches, struct ipt_entry_target *target) { unsigned int size; - struct iptables_rule_match *matchp; + struct xtables_rule_match *matchp; struct ipt_entry *e; size = sizeof(struct ipt_entry); @@ -1315,9 +1315,9 @@ generate_entry(const struct ipt_entry *fw, return e; } -static void clear_rule_matches(struct iptables_rule_match **matches) +static void clear_rule_matches(struct xtables_rule_match **matches) { - struct iptables_rule_match *matchp, *tmp; + struct xtables_rule_match *matchp, *tmp; for (matchp = *matches; matchp;) { tmp = matchp->next; @@ -1374,8 +1374,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle const char *pcnt = NULL, *bcnt = NULL; int ret = 1; struct xtables_match *m; - struct iptables_rule_match *matches = NULL; - struct iptables_rule_match *matchp; + struct xtables_rule_match *matches = NULL; + struct xtables_rule_match *matchp; struct xtables_target *target = NULL; struct xtables_target *t; const char *jumpto = ""; @@ -39,6 +39,15 @@ #ifndef NO_SHARED_LIBS #include <dlfcn.h> #endif +#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */ +# define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) +# define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) +#endif +#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */ +# define IP6T_SO_GET_REVISION_MATCH 68 +# define IP6T_SO_GET_REVISION_TARGET 69 +#endif + #define NPROTO 255 @@ -163,6 +172,19 @@ void xtables_init(void) "use XTABLES_LIBDIR.\n"); return; } + /* + * Well yes, IP6TABLES_LIB_DIR is of lower priority over + * IPTABLES_LIB_DIR since this moved to libxtables; I think that is ok + * for these env vars are deprecated anyhow, and in light of the + * (shared) libxt_*.so files, makes less sense to have + * IPTABLES_LIB_DIR != IP6TABLES_LIB_DIR. + */ + xtables_libdir = getenv("IP6TABLES_LIB_DIR"); + if (xtables_libdir != NULL) { + fprintf(stderr, "IP6TABLES_LIB_DIR is deprecated, " + "use XTABLES_LIBDIR.\n"); + return; + } xtables_libdir = XTABLES_LIBDIR; } |