summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--extensions/libip6t_LOG.c2
-rw-r--r--extensions/libip6t_REJECT.c2
-rw-r--r--extensions/libip6t_condition.c9
-rw-r--r--extensions/libip6t_eui64.c9
-rw-r--r--extensions/libip6t_fuzzy.c2
-rw-r--r--extensions/libip6t_hl.c7
-rw-r--r--extensions/libip6t_icmpv6.c11
-rw-r--r--extensions/libip6t_ipv6header.c2
-rw-r--r--extensions/libip6t_length.c8
-rw-r--r--extensions/libip6t_limit.c2
-rw-r--r--extensions/libip6t_mac.c9
-rw-r--r--extensions/libip6t_mark.c9
-rw-r--r--extensions/libip6t_multiport.c3
-rw-r--r--extensions/libip6t_nth.c8
-rw-r--r--extensions/libip6t_owner.c9
-rw-r--r--extensions/libip6t_random.c1
-rw-r--r--extensions/libip6t_tcp.c5
-rw-r--r--extensions/libip6t_udp.c2
-rw-r--r--extensions/libipt_BALANCE.c2
-rw-r--r--extensions/libipt_DNAT.c9
-rw-r--r--extensions/libipt_IPMARK.c1
-rw-r--r--extensions/libipt_IPV4OPTSSTRIP.c6
-rw-r--r--extensions/libipt_LOG.c2
-rw-r--r--extensions/libipt_MASQUERADE.c2
-rw-r--r--extensions/libipt_NETLINK.c1
-rw-r--r--extensions/libipt_NETMAP.c2
-rw-r--r--extensions/libipt_POOL.c2
-rw-r--r--extensions/libipt_REDIRECT.c2
-rw-r--r--extensions/libipt_REJECT.c2
-rw-r--r--extensions/libipt_SAME.c2
-rw-r--r--extensions/libipt_SET.c2
-rw-r--r--extensions/libipt_SNAT.c9
-rw-r--r--extensions/libipt_TARPIT.c8
-rw-r--r--extensions/libipt_TCPLAG.c13
-rw-r--r--extensions/libipt_ULOG.c2
-rw-r--r--extensions/libipt_account.c1
-rw-r--r--extensions/libipt_addrtype.c7
-rw-r--r--extensions/libipt_childlevel.c7
-rw-r--r--extensions/libipt_comment.c8
-rw-r--r--extensions/libipt_condition.c9
-rw-r--r--extensions/libipt_connbytes.c9
-rw-r--r--extensions/libipt_connlimit.c9
-rw-r--r--extensions/libipt_connrate.c9
-rw-r--r--extensions/libipt_conntrack.c9
-rw-r--r--extensions/libipt_dscp.c6
-rw-r--r--extensions/libipt_dstlimit.c2
-rw-r--r--extensions/libipt_ecn.c6
-rw-r--r--extensions/libipt_fuzzy.c1
-rw-r--r--extensions/libipt_hashlimit.c2
-rw-r--r--extensions/libipt_helper.c9
-rw-r--r--extensions/libipt_icmp.c11
-rw-r--r--extensions/libipt_iprange.c9
-rw-r--r--extensions/libipt_ipv4options.c9
-rw-r--r--extensions/libipt_length.c8
-rw-r--r--extensions/libipt_limit.c2
-rw-r--r--extensions/libipt_mac.c9
-rw-r--r--extensions/libipt_mark.c9
-rw-r--r--extensions/libipt_mport.c3
-rw-r--r--extensions/libipt_multiport.c6
-rw-r--r--extensions/libipt_nth.c8
-rw-r--r--extensions/libipt_osf.c8
-rw-r--r--extensions/libipt_owner.c9
-rw-r--r--extensions/libipt_pkttype.c6
-rw-r--r--extensions/libipt_pool.c2
-rw-r--r--extensions/libipt_psd.c2
-rw-r--r--extensions/libipt_quota.c9
-rw-r--r--extensions/libipt_random.c1
-rw-r--r--extensions/libipt_realm.c9
-rw-r--r--extensions/libipt_recent.c1
-rw-r--r--extensions/libipt_record_rpc.c33
-rw-r--r--extensions/libipt_rpc.c2
-rw-r--r--extensions/libipt_sctp.c2
-rw-r--r--extensions/libipt_set.c2
-rw-r--r--extensions/libipt_state.c9
-rw-r--r--extensions/libipt_string.c10
-rw-r--r--extensions/libipt_tcp.c5
-rw-r--r--extensions/libipt_tcpmss.c8
-rw-r--r--extensions/libipt_time.c2
-rw-r--r--extensions/libipt_tos.c8
-rw-r--r--extensions/libipt_ttl.c7
-rw-r--r--extensions/libipt_u32.c8
-rw-r--r--extensions/libipt_udp.c2
-rw-r--r--extensions/libipt_unclean.c9
-rw-r--r--ip6tables.c5
-rw-r--r--iptables.c18
-rw-r--r--libiptc/libip4tc.c11
-rw-r--r--libiptc/libip6tc.c11
87 files changed, 26 insertions, 508 deletions
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index 74655af2..3cde0eec 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -42,8 +42,6 @@ init(struct ip6t_entry_target *t, unsigned int *nfcache)
loginfo->level = LOG_DEFAULT_LEVEL;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
struct ip6t_log_names {
diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c
index 702f6b3d..879716b0 100644
--- a/extensions/libip6t_REJECT.c
+++ b/extensions/libip6t_REJECT.c
@@ -79,8 +79,6 @@ init(struct ip6t_entry_target *t, unsigned int *nfcache)
/* default */
reject->with = IP6T_ICMP6_PORT_UNREACH;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it
diff --git a/extensions/libip6t_condition.c b/extensions/libip6t_condition.c
index f58b3bc3..0e94c39e 100644
--- a/extensions/libip6t_condition.c
+++ b/extensions/libip6t_condition.c
@@ -24,14 +24,6 @@ static struct option opts[] = {
{ .name = 0 }
};
-
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
-
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ip6t_entry *entry, unsigned int *nfcache,
@@ -99,7 +91,6 @@ static struct ip6tables_match condition = {
.size = IP6T_ALIGN(sizeof(struct condition6_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct condition6_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libip6t_eui64.c b/extensions/libip6t_eui64.c
index f8962c60..c74b04db 100644
--- a/extensions/libip6t_eui64.c
+++ b/extensions/libip6t_eui64.c
@@ -26,14 +26,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -71,7 +63,6 @@ static struct ip6tables_match eui64 = {
.size = IP6T_ALIGN(sizeof(int)),
.userspacesize = IP6T_ALIGN(sizeof(int)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libip6t_fuzzy.c b/extensions/libip6t_fuzzy.c
index 65c2acfd..749ddc8f 100644
--- a/extensions/libip6t_fuzzy.c
+++ b/extensions/libip6t_fuzzy.c
@@ -44,8 +44,6 @@ static void
init(struct ip6t_entry_match *m, unsigned int *nfcache)
{
struct ip6t_fuzzy_info *presentinfo = (struct ip6t_fuzzy_info *)(m)->data;
- *nfcache |= NFC_UNKNOWN;
-
/*
* Default rates ( I'll improve this very soon with something based
* on real statistics of the running machine ) .
diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c
index 2d068b8a..208da33f 100644
--- a/extensions/libip6t_hl.c
+++ b/extensions/libip6t_hl.c
@@ -25,12 +25,6 @@ static void help(void)
, IPTABLES_VERSION);
}
-static void init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ip6t_entry *entry, unsigned int *nfcache,
struct ip6t_entry_match **match)
@@ -141,7 +135,6 @@ struct ip6tables_match hl = {
.size = IP6T_ALIGN(sizeof(struct ip6t_hl_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_hl_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libip6t_icmpv6.c b/extensions/libip6t_icmpv6.c
index 62ee90f5..a29bb389 100644
--- a/extensions/libip6t_icmpv6.c
+++ b/extensions/libip6t_icmpv6.c
@@ -90,7 +90,7 @@ static struct option opts[] = {
{0}
};
-static unsigned int
+static void
parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[])
{
unsigned int limit = sizeof(icmpv6_codes)/sizeof(struct icmpv6_names);
@@ -141,10 +141,6 @@ parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[])
code[1] = 0xFF;
}
}
-
- if (code[0] == 0 && code[1] == 0xFF)
- return NFC_IP6_SRC_PT;
- else return NFC_IP6_SRC_PT | NFC_IP6_DST_PT;
}
/* Initialize the match. */
@@ -169,9 +165,8 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
check_inverse(optarg, &invert, &optind, 0);
- *nfcache |= parse_icmpv6(argv[optind-1],
- &icmpv6info->type,
- icmpv6info->code);
+ parse_icmpv6(argv[optind-1], &icmpv6info->type,
+ icmpv6info->code);
if (invert)
icmpv6info->invflags |= IP6T_ICMP_INV;
break;
diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index a06ced6e..a260e6e1 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -162,8 +162,6 @@ init(struct ip6t_entry_match *m, unsigned int *nfcache)
info->matchflags = 0x00;
info->invflags = 0x00;
info->modeflag = 0x00;
- /* No caching (yet) */
- *nfcache |= NFC_UNKNOWN;
}
static unsigned int
diff --git a/extensions/libip6t_length.c b/extensions/libip6t_length.c
index 0d531aea..c944c65e 100644
--- a/extensions/libip6t_length.c
+++ b/extensions/libip6t_length.c
@@ -26,13 +26,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static u_int16_t
parse_length(const char *s)
{
@@ -146,7 +139,6 @@ struct ip6tables_match length = {
.size = IP6T_ALIGN(sizeof(struct ip6t_length_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_length_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libip6t_limit.c b/extensions/libip6t_limit.c
index 927b6d14..6c88ee1c 100644
--- a/extensions/libip6t_limit.c
+++ b/extensions/libip6t_limit.c
@@ -81,8 +81,6 @@ init(struct ip6t_entry_match *m, unsigned int *nfcache)
parse_rate(IP6T_LIMIT_AVG, &r->avg);
r->burst = IP6T_LIMIT_BURST;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* FIXME: handle overflow:
diff --git a/extensions/libip6t_mac.c b/extensions/libip6t_mac.c
index 353f7461..e47f21f6 100644
--- a/extensions/libip6t_mac.c
+++ b/extensions/libip6t_mac.c
@@ -28,14 +28,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_mac(const char *mac, struct ip6t_mac_info *info)
{
@@ -134,7 +126,6 @@ static struct ip6tables_match mac = {
.size = IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libip6t_mark.c b/extensions/libip6t_mark.c
index 54a279e2..b831cfe4 100644
--- a/extensions/libip6t_mark.c
+++ b/extensions/libip6t_mark.c
@@ -25,14 +25,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -137,7 +129,6 @@ static struct ip6tables_match mark = {
.size = IP6T_ALIGN(sizeof(struct ip6t_mark_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mark_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libip6t_multiport.c b/extensions/libip6t_multiport.c
index c12e1bdb..013241b2 100644
--- a/extensions/libip6t_multiport.c
+++ b/extensions/libip6t_multiport.c
@@ -117,7 +117,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IP6T_MULTIPORT_SOURCE;
- *nfcache |= NFC_IP6_SRC_PT;
break;
case '2':
@@ -126,7 +125,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IP6T_MULTIPORT_DESTINATION;
- *nfcache |= NFC_IP6_DST_PT;
break;
case '3':
@@ -135,7 +133,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IP6T_MULTIPORT_EITHER;
- *nfcache |= NFC_IP6_SRC_PT | NFC_IP6_DST_PT;
break;
default:
diff --git a/extensions/libip6t_nth.c b/extensions/libip6t_nth.c
index 26eeb26e..19b13f79 100644
--- a/extensions/libip6t_nth.c
+++ b/extensions/libip6t_nth.c
@@ -50,13 +50,6 @@ static struct option opts[] = {
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
#define IP6T_NTH_OPT_EVERY 0x01
#define IP6T_NTH_OPT_NOT_EVERY 0x02
#define IP6T_NTH_OPT_START 0x04
@@ -223,7 +216,6 @@ struct ip6tables_match nth = {
.size = IP6T_ALIGN(sizeof(struct ip6t_nth_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_nth_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libip6t_owner.c b/extensions/libip6t_owner.c
index ec5c4fd5..6f27ebb6 100644
--- a/extensions/libip6t_owner.c
+++ b/extensions/libip6t_owner.c
@@ -47,14 +47,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ip6t_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -243,7 +235,6 @@ static struct ip6tables_match owner = {
.size = IP6T_ALIGN(sizeof(struct ip6t_owner_info)),
.userspacesize = IP6T_ALIGN(sizeof(struct ip6t_owner_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libip6t_random.c b/extensions/libip6t_random.c
index f32c009a..d34a2308 100644
--- a/extensions/libip6t_random.c
+++ b/extensions/libip6t_random.c
@@ -52,7 +52,6 @@ static void
init(struct ip6t_entry_match *m, unsigned int *nfcache)
{
struct ip6t_rand_info *randinfo = (struct ip6t_rand_info *)(m)->data;
- *nfcache |= NFC_UNKNOWN;
/* We assign the average to be 50 which is our default value */
/* 50 * 2.55 = 128 */
diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c
index 5c665942..a0491280 100644
--- a/extensions/libip6t_tcp.c
+++ b/extensions/libip6t_tcp.c
@@ -187,7 +187,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_SRCPT;
*flags |= TCP_SRC_PORTS;
- *nfcache |= NFC_IP6_SRC_PT;
break;
case '2':
@@ -199,7 +198,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_DSTPT;
*flags |= TCP_DST_PORTS;
- *nfcache |= NFC_IP6_DST_PT;
break;
case '3':
@@ -209,7 +207,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
" allowed");
parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
*flags |= TCP_FLAGS;
- *nfcache |= NFC_IP6_TCPFLAGS;
break;
case '4':
@@ -228,7 +225,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
invert);
optind++;
*flags |= TCP_FLAGS;
- *nfcache |= NFC_IP6_TCPFLAGS;
break;
case '5':
@@ -240,7 +236,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_OPTION;
*flags |= TCP_OPTION;
- *nfcache |= NFC_IP6_PROTO_UNKNOWN;
break;
default:
diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c
index 73e1d1e9..842581d9 100644
--- a/extensions/libip6t_udp.c
+++ b/extensions/libip6t_udp.c
@@ -109,7 +109,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
udpinfo->invflags |= IP6T_UDP_INV_SRCPT;
*flags |= UDP_SRC_PORTS;
- *nfcache |= NFC_IP6_SRC_PT;
break;
case '2':
@@ -121,7 +120,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
udpinfo->invflags |= IP6T_UDP_INV_DSTPT;
*flags |= UDP_DST_PORTS;
- *nfcache |= NFC_IP6_DST_PT;
break;
default:
diff --git a/extensions/libipt_BALANCE.c b/extensions/libipt_BALANCE.c
index 1b97ea2e..6d6392f8 100644
--- a/extensions/libipt_BALANCE.c
+++ b/extensions/libipt_BALANCE.c
@@ -35,8 +35,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses range of IPs */
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index 96a6e6b5..94d04e8e 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -33,14 +33,6 @@ static struct option opts[] = {
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static struct ipt_natinfo *
append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
{
@@ -236,7 +228,6 @@ static struct iptables_target dnat = {
.size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
.userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_IPMARK.c b/extensions/libipt_IPMARK.c
index 3a557fe7..3e0942de 100644
--- a/extensions/libipt_IPMARK.c
+++ b/extensions/libipt_IPMARK.c
@@ -53,7 +53,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
ipmarkinfo->andmask=0xffffffff;
ipmarkinfo->ormask=0;
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it
diff --git a/extensions/libipt_IPV4OPTSSTRIP.c b/extensions/libipt_IPV4OPTSSTRIP.c
index c154ef53..d0305e63 100644
--- a/extensions/libipt_IPV4OPTSSTRIP.c
+++ b/extensions/libipt_IPV4OPTSSTRIP.c
@@ -13,11 +13,6 @@
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static void help(void)
{
printf("IPV4OPTSSTRIP v%s target takes no option !! Make sure you use it in the mangle table.\n",
@@ -66,7 +61,6 @@ static struct iptables_target IPV4OPTSSTRIP = {
.size = IPT_ALIGN(0),
.userspacesize = IPT_ALIGN(0),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index 39d6fb0b..74d65552 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -50,8 +50,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
loginfo->level = LOG_DEFAULT_LEVEL;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
struct ipt_log_names {
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index 31af1203..b661012e 100644
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -33,8 +33,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses ports */
diff --git a/extensions/libipt_NETLINK.c b/extensions/libipt_NETLINK.c
index 9cc190c2..403c4139 100644
--- a/extensions/libipt_NETLINK.c
+++ b/extensions/libipt_NETLINK.c
@@ -32,7 +32,6 @@ static void init(struct ipt_entry_target *t, unsigned int *nfcache)
nld->flags=0;
- *nfcache |= NFC_UNKNOWN;
}
/* Parse command options */
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index 81d0e5c6..a39c731e 100644
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -63,8 +63,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses network address */
diff --git a/extensions/libipt_POOL.c b/extensions/libipt_POOL.c
index 0ce9f209..95756bc5 100644
--- a/extensions/libipt_POOL.c
+++ b/extensions/libipt_POOL.c
@@ -51,8 +51,6 @@ init(struct ipt_entry_target *target, unsigned int *nfcache)
ipi->src = ipi->dst = IP_POOL_NONE;
ipi->flags = 0;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index b40cb496..1395f62e 100644
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -33,8 +33,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses ports */
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index 4b08e453..f9823315 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -94,8 +94,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
/* default */
reject->with = IPT_ICMP_PORT_UNREACHABLE;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index 65455017..4eda2237 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -43,8 +43,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
mr->info = 0;
mr->ipnum = 0;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* Parses range of IPs */
diff --git a/extensions/libipt_SET.c b/extensions/libipt_SET.c
index 2cf483c4..91d1a47a 100644
--- a/extensions/libipt_SET.c
+++ b/extensions/libipt_SET.c
@@ -51,8 +51,6 @@ static void init(struct ipt_entry_target *target, unsigned int *nfcache)
info->add_set.index =
info->del_set.index = IP_SET_INVALID_ID;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
static void
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index f10d0418..7510f6e7 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -33,14 +33,6 @@ static struct option opts[] = {
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static struct ipt_natinfo *
append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
{
@@ -236,7 +228,6 @@ static struct iptables_target snat = {
.size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
.userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_TARPIT.c b/extensions/libipt_TARPIT.c
index 1d1b0639..b12cbc2c 100644
--- a/extensions/libipt_TARPIT.c
+++ b/extensions/libipt_TARPIT.c
@@ -15,13 +15,6 @@ static struct option opts[] = {
{ 0 }
};
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
@@ -52,7 +45,6 @@ static struct iptables_target tarpit = {
.size = IPT_ALIGN(0),
.userspacesize = IPT_ALIGN(0),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_TCPLAG.c b/extensions/libipt_TCPLAG.c
index 27361e7c..b6166c00 100644
--- a/extensions/libipt_TCPLAG.c
+++ b/extensions/libipt_TCPLAG.c
@@ -70,18 +70,6 @@ static const struct option opts[] =
* our own private data structure (which is at t->data).
* Probably we could fiddle with t->tflags too but there is
* no great advantage in doing so.
- *
- * TODO: Find documentation for the above flags which
- * can be ored into nfcache...
- *
- * NFC_IP6_DST_PT
- * NFC_IP6_PROTO_UNKNOWN
- * NFC_IP6_SRC_PT
- * NFC_IP6_TCPFLAGS
- * NFC_IP_DST_PT
- * NFC_IP_SRC_PT
- * NFC_IP_TOS
- * NFC_UNKNOWN -- This one seems safest
*/
static void init( struct ipt_entry_target *t, unsigned int *nfcache )
{
@@ -89,7 +77,6 @@ static void init( struct ipt_entry_target *t, unsigned int *nfcache )
memset( el, 0, sizeof( struct ipt_tcplag ));
el->level = 4; /* Default to warning level */
strcpy( el->prefix, "TCPLAG:" ); /* Give a reasonable default prefix */
- *nfcache |= NFC_UNKNOWN;
}
/*
diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c
index e0731416..81e0aea9 100644
--- a/extensions/libipt_ULOG.c
+++ b/extensions/libipt_ULOG.c
@@ -60,8 +60,6 @@ static void init(struct ipt_entry_target *t, unsigned int *nfcache)
loginfo->nl_group = ULOG_DEFAULT_NLGROUP;
loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
#define IPT_LOG_OPT_NLGROUP 0x01
diff --git a/extensions/libipt_account.c b/extensions/libipt_account.c
index 86af85d1..d049a03d 100644
--- a/extensions/libipt_account.c
+++ b/extensions/libipt_account.c
@@ -168,7 +168,6 @@ static void init(struct ipt_entry_match *match,
struct t_ipt_account_info *info = (struct t_ipt_account_info *)(match)->data;
- *nfcache |= NFC_UNKNOWN;
/* set default table name to DEFAULT */
strncpy(info->name, "DEFAULT", IPT_ACCOUNT_NAME_LEN);
diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index 9a82cc5c..d8e19296 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -48,12 +48,6 @@ static void help(void)
help_types();
}
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int
parse_type(const char *name, size_t strlen, u_int16_t *mask)
{
@@ -199,7 +193,6 @@ struct iptables_match addrtype = {
.size = IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_childlevel.c b/extensions/libipt_childlevel.c
index bc9f0ad9..1018c9e0 100644
--- a/extensions/libipt_childlevel.c
+++ b/extensions/libipt_childlevel.c
@@ -39,12 +39,6 @@ static struct option opts[] = {
{ .name = 0 }
};
-/* Initialize the match. */
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it ate an option */
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
@@ -108,7 +102,6 @@ static struct iptables_match childlevel = {
.size = IPT_ALIGN(sizeof(struct ipt_childlevel_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_childlevel_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_comment.c b/extensions/libipt_comment.c
index 253b267f..c543fc69 100644
--- a/extensions/libipt_comment.c
+++ b/extensions/libipt_comment.c
@@ -29,13 +29,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_comment(const unsigned char *s, struct ipt_comment_info *info)
{
@@ -113,7 +106,6 @@ static struct iptables_match comment = {
.size = IPT_ALIGN(sizeof(struct ipt_comment_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_comment_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_condition.c b/extensions/libipt_condition.c
index 553739d0..16558fe6 100644
--- a/extensions/libipt_condition.c
+++ b/extensions/libipt_condition.c
@@ -24,14 +24,6 @@ static struct option opts[] = {
{ .name = 0 }
};
-
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
-
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
@@ -99,7 +91,6 @@ static struct iptables_match condition = {
.size = IPT_ALIGN(sizeof(struct condition_info)),
.userspacesize = IPT_ALIGN(sizeof(struct condition_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_connbytes.c b/extensions/libipt_connbytes.c
index 2d61a4af..2f53bac5 100644
--- a/extensions/libipt_connbytes.c
+++ b/extensions/libipt_connbytes.c
@@ -27,14 +27,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_range(const char *arg, struct ipt_connbytes_info *si)
{
@@ -199,7 +191,6 @@ static struct iptables_match state = {
.size = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c
index 54f02112..17b4d13b 100644
--- a/extensions/libipt_connlimit.c
+++ b/extensions/libipt_connlimit.c
@@ -26,14 +26,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -127,7 +119,6 @@ static struct iptables_match connlimit = {
.size = IPT_ALIGN(sizeof(struct ipt_connlimit_info)),
.userspacesize = offsetof(struct ipt_connlimit_info,data),
.help = help,
- .init = init,
.parse = parse,
.final_check = final_check,
.print = print,
diff --git a/extensions/libipt_connrate.c b/extensions/libipt_connrate.c
index 3c76a70d..47c5fcbb 100644
--- a/extensions/libipt_connrate.c
+++ b/extensions/libipt_connrate.c
@@ -34,14 +34,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
static u_int32_t
parse_value(const char *arg, u_int32_t def)
{
@@ -174,7 +166,6 @@ static struct iptables_match state = {
.size = IPT_ALIGN(sizeof(struct ipt_connrate_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_connrate_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c
index 6ec77dc4..55216848 100644
--- a/extensions/libipt_conntrack.c
+++ b/extensions/libipt_conntrack.c
@@ -56,14 +56,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int
parse_state(const char *state, size_t strlen, struct ipt_conntrack_info *sinfo)
{
@@ -538,7 +530,6 @@ static struct iptables_match conntrack = {
.size = IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_dscp.c b/extensions/libipt_dscp.c
index b4e8b526..4520a6a7 100644
--- a/extensions/libipt_dscp.c
+++ b/extensions/libipt_dscp.c
@@ -24,11 +24,6 @@
/* This is evil, but it's my code - HW*/
#include "libipt_dscp_helper.c"
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_IP_TOS;
-}
-
static void help(void)
{
printf(
@@ -164,7 +159,6 @@ static struct iptables_match dscp = {
.size = IPT_ALIGN(sizeof(struct ipt_dscp_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_dscp_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_dstlimit.c b/extensions/libipt_dstlimit.c
index 0d4dc09f..3f3b6330 100644
--- a/extensions/libipt_dstlimit.c
+++ b/extensions/libipt_dstlimit.c
@@ -105,8 +105,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache)
r->cfg.gc_interval = IPT_DSTLIMIT_GCINTERVAL;
r->cfg.expire = IPT_DSTLIMIT_EXPIRE;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
#define PARAM_LIMIT 0x00000001
diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c
index d7b7f3b1..97e839da 100644
--- a/extensions/libipt_ecn.c
+++ b/extensions/libipt_ecn.c
@@ -16,11 +16,6 @@
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_ecn.h>
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_IP_TOS;
-}
-
static void help(void)
{
printf(
@@ -163,7 +158,6 @@ struct iptables_match ecn
.size = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_fuzzy.c b/extensions/libipt_fuzzy.c
index 40e071d4..d574db8a 100644
--- a/extensions/libipt_fuzzy.c
+++ b/extensions/libipt_fuzzy.c
@@ -43,7 +43,6 @@ static void
init(struct ipt_entry_match *m, unsigned int *nfcache)
{
struct ipt_fuzzy_info *presentinfo = (struct ipt_fuzzy_info *)(m)->data;
- *nfcache |= NFC_UNKNOWN;
/*
* Default rates ( I'll improve this very soon with something based
diff --git a/extensions/libipt_hashlimit.c b/extensions/libipt_hashlimit.c
index 1df36b4c..6fb0eccb 100644
--- a/extensions/libipt_hashlimit.c
+++ b/extensions/libipt_hashlimit.c
@@ -104,8 +104,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache)
r->cfg.gc_interval = IPT_HASHLIMIT_GCINTERVAL;
r->cfg.expire = IPT_HASHLIMIT_EXPIRE;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
diff --git a/extensions/libipt_helper.c b/extensions/libipt_helper.c
index 10b39d74..7c9f3e3c 100644
--- a/extensions/libipt_helper.c
+++ b/extensions/libipt_helper.c
@@ -24,14 +24,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -96,7 +88,6 @@ static struct iptables_match helper = {
.version = IPTABLES_VERSION,
.size = IPT_ALIGN(sizeof(struct ipt_helper_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index 32c04f6d..9d45c8c6 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -114,7 +114,7 @@ static struct option opts[] = {
{0}
};
-static unsigned int
+static void
parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[])
{
unsigned int limit = sizeof(icmp_codes)/sizeof(struct icmp_names);
@@ -165,10 +165,6 @@ parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[])
code[1] = 0xFF;
}
}
-
- if (code[0] == 0 && code[1] == 0xFF)
- return NFC_IP_SRC_PT;
- else return NFC_IP_SRC_PT | NFC_IP_DST_PT;
}
/* Initialize the match. */
@@ -194,9 +190,8 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
check_inverse(optarg, &invert, &optind, 0);
- *nfcache |= parse_icmp(argv[optind-1],
- &icmpinfo->type,
- icmpinfo->code);
+ parse_icmp(argv[optind-1], &icmpinfo->type,
+ icmpinfo->code);
if (invert)
icmpinfo->invflags |= IPT_ICMP_INV;
break;
diff --git a/extensions/libipt_iprange.c b/extensions/libipt_iprange.c
index 7d5c1334..2ada8e27 100644
--- a/extensions/libipt_iprange.c
+++ b/extensions/libipt_iprange.c
@@ -26,14 +26,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_iprange(char *arg, struct ipt_iprange *range)
{
@@ -180,7 +172,6 @@ static struct iptables_match iprange = {
.size = IPT_ALIGN(sizeof(struct ipt_iprange_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_iprange_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_ipv4options.c b/extensions/libipt_ipv4options.c
index dd3e80a8..3d3b2360 100644
--- a/extensions/libipt_ipv4options.c
+++ b/extensions/libipt_ipv4options.c
@@ -35,14 +35,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -306,7 +298,6 @@ static struct iptables_match ipv4options_struct = {
.size = IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_length.c b/extensions/libipt_length.c
index fcd14bcb..cfac1c5f 100644
--- a/extensions/libipt_length.c
+++ b/extensions/libipt_length.c
@@ -25,13 +25,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static u_int16_t
parse_length(const char *s)
{
@@ -145,7 +138,6 @@ static struct iptables_match length = {
.size = IPT_ALIGN(sizeof(struct ipt_length_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_length_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c
index ad5e2733..7f0337ae 100644
--- a/extensions/libipt_limit.c
+++ b/extensions/libipt_limit.c
@@ -81,8 +81,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache)
parse_rate(IPT_LIMIT_AVG, &r->avg);
r->burst = IPT_LIMIT_BURST;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
/* FIXME: handle overflow:
diff --git a/extensions/libipt_mac.c b/extensions/libipt_mac.c
index 30da7fab..bac85125 100644
--- a/extensions/libipt_mac.c
+++ b/extensions/libipt_mac.c
@@ -28,14 +28,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static void
parse_mac(const char *mac, struct ipt_mac_info *info)
{
@@ -135,7 +127,6 @@ static struct iptables_match mac = {
.size = IPT_ALIGN(sizeof(struct ipt_mac_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_mac_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_mark.c b/extensions/libipt_mark.c
index 1e031ca8..1922768e 100644
--- a/extensions/libipt_mark.c
+++ b/extensions/libipt_mark.c
@@ -25,14 +25,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -138,7 +130,6 @@ static struct iptables_match mark = {
.size = IPT_ALIGN(sizeof(struct ipt_mark_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_mark_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_mport.c b/extensions/libipt_mport.c
index 63acbd9b..a387b214 100644
--- a/extensions/libipt_mport.c
+++ b/extensions/libipt_mport.c
@@ -140,7 +140,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
proto = check_proto(entry);
parse_multi_ports(argv[optind-1], minfo, proto);
minfo->flags = IPT_MPORT_SOURCE;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
@@ -148,7 +147,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
proto = check_proto(entry);
parse_multi_ports(argv[optind-1], minfo, proto);
minfo->flags = IPT_MPORT_DESTINATION;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
@@ -156,7 +154,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
proto = check_proto(entry);
parse_multi_ports(argv[optind-1], minfo, proto);
minfo->flags = IPT_MPORT_EITHER;
- *nfcache |= NFC_IP_SRC_PT | NFC_IP_DST_PT;
break;
default:
diff --git a/extensions/libipt_multiport.c b/extensions/libipt_multiport.c
index 7fb6d72f..9f5193fa 100644
--- a/extensions/libipt_multiport.c
+++ b/extensions/libipt_multiport.c
@@ -179,7 +179,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IPT_MULTIPORT_SOURCE;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
@@ -188,7 +187,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IPT_MULTIPORT_DESTINATION;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
@@ -197,7 +195,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
multiinfo->flags = IPT_MULTIPORT_EITHER;
- *nfcache |= NFC_IP_SRC_PT | NFC_IP_DST_PT;
break;
default:
@@ -231,7 +228,6 @@ parse_v1(int c, char **argv, int invert, unsigned int *flags,
proto = check_proto(entry);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = IPT_MULTIPORT_SOURCE;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
@@ -239,7 +235,6 @@ parse_v1(int c, char **argv, int invert, unsigned int *flags,
proto = check_proto(entry);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = IPT_MULTIPORT_DESTINATION;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
@@ -247,7 +242,6 @@ parse_v1(int c, char **argv, int invert, unsigned int *flags,
proto = check_proto(entry);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = IPT_MULTIPORT_EITHER;
- *nfcache |= NFC_IP_SRC_PT | NFC_IP_DST_PT;
break;
default:
diff --git a/extensions/libipt_nth.c b/extensions/libipt_nth.c
index 569b1ade..6f483b9f 100644
--- a/extensions/libipt_nth.c
+++ b/extensions/libipt_nth.c
@@ -50,13 +50,6 @@ static struct option opts[] = {
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
#define IPT_NTH_OPT_EVERY 0x01
#define IPT_NTH_OPT_NOT_EVERY 0x02
#define IPT_NTH_OPT_START 0x04
@@ -224,7 +217,6 @@ static struct iptables_match nth = {
.size = IPT_ALIGN(sizeof(struct ipt_nth_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_nth_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_osf.c b/extensions/libipt_osf.c
index 3c758c21..e3610fce 100644
--- a/extensions/libipt_osf.c
+++ b/extensions/libipt_osf.c
@@ -54,13 +54,6 @@ static struct option opts[] = {
{ .name = 0 }
};
-
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
-
static void parse_string(const unsigned char *s, struct ipt_osf_info *info)
{
if (strlen(s) < MAXGENRELEN)
@@ -142,7 +135,6 @@ static struct iptables_match osf_match = {
.size = IPT_ALIGN(sizeof(struct ipt_osf_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_osf_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_owner.c b/extensions/libipt_owner.c
index 46da9e33..cf13cb97 100644
--- a/extensions/libipt_owner.c
+++ b/extensions/libipt_owner.c
@@ -49,14 +49,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -245,7 +237,6 @@ static struct iptables_match owner = {
.size = IPT_ALIGN(sizeof(struct ipt_owner_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_owner_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_pkttype.c b/extensions/libipt_pkttype.c
index af220955..ea6439ef 100644
--- a/extensions/libipt_pkttype.c
+++ b/extensions/libipt_pkttype.c
@@ -69,11 +69,6 @@ static struct option opts[] = {
{0}
};
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
static void parse_pkttype(const char *pkttype, struct ipt_pkttype_info *info)
{
unsigned int i;
@@ -159,7 +154,6 @@ static struct iptables_match pkttype = {
.size = IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_pool.c b/extensions/libipt_pool.c
index 7e204dad..0d649203 100644
--- a/extensions/libipt_pool.c
+++ b/extensions/libipt_pool.c
@@ -43,8 +43,6 @@ init(struct ipt_entry_match *match, unsigned int *nfcache)
info->src = IP_POOL_NONE;
info->dst = IP_POOL_NONE;
info->flags = 0;
- /* Can't cache this - XXX */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it ate an option */
diff --git a/extensions/libipt_psd.c b/extensions/libipt_psd.c
index e150e09e..3d0034ab 100644
--- a/extensions/libipt_psd.c
+++ b/extensions/libipt_psd.c
@@ -56,8 +56,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache)
psdinfo->delay_threshold = SCAN_DELAY_THRESHOLD;
psdinfo->lo_ports_weight = PORT_WEIGHT_PRIV;
psdinfo->hi_ports_weight = PORT_WEIGHT_HIGH;
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
}
diff --git a/extensions/libipt_quota.c b/extensions/libipt_quota.c
index b0de7adb..a9c138c5 100644
--- a/extensions/libipt_quota.c
+++ b/extensions/libipt_quota.c
@@ -24,14 +24,6 @@ help(void)
" --quota quota quota (bytes)\n" "\n");
}
-/* initialise match */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* no can cache */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* print matchinfo */
static void
print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric)
@@ -100,7 +92,6 @@ struct iptables_match quota = {
.size = IPT_ALIGN(sizeof (struct ipt_quota_info)),
.userspacesize = IPT_ALIGN(sizeof (struct ipt_quota_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_random.c b/extensions/libipt_random.c
index fd815bbc..d28ab8ce 100644
--- a/extensions/libipt_random.c
+++ b/extensions/libipt_random.c
@@ -51,7 +51,6 @@ static void
init(struct ipt_entry_match *m, unsigned int *nfcache)
{
struct ipt_rand_info *randinfo = (struct ipt_rand_info *)(m)->data;
- *nfcache |= NFC_UNKNOWN;
/* We assign the average to be 50 which is our default value */
/* 50 * 2.55 = 128 */
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index ec9d3e34..90e60897 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -28,14 +28,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -122,7 +114,6 @@ static struct iptables_match realm = { NULL,
.size = IPT_ALIGN(sizeof(struct ipt_realm_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_realm_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_recent.c b/extensions/libipt_recent.c
index a3942720..0b0ed2d1 100644
--- a/extensions/libipt_recent.c
+++ b/extensions/libipt_recent.c
@@ -72,7 +72,6 @@ init(struct ipt_entry_match *match, unsigned int *nfcache)
{
struct ipt_recent_info *info = (struct ipt_recent_info *)(match)->data;
- *nfcache |= NFC_UNKNOWN;
strncpy(info->name,"DEFAULT",IPT_RECENT_NAME_LEN);
/* eventhough IPT_RECENT_NAME_LEN is currently defined as 200,
diff --git a/extensions/libipt_record_rpc.c b/extensions/libipt_record_rpc.c
index 819c8ef6..571d286b 100644
--- a/extensions/libipt_record_rpc.c
+++ b/extensions/libipt_record_rpc.c
@@ -16,14 +16,6 @@ static struct option opts[] = {
{0}
};
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -53,19 +45,18 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
}
static
-struct iptables_match record_rpc
-= { NULL,
- "record_rpc",
- IPTABLES_VERSION,
- IPT_ALIGN(0),
- IPT_ALIGN(0),
- &help,
- &init,
- &parse,
- &final_check,
- &print,
- &save,
- opts
+struct iptables_match record_rpc = {
+ .next = NULL,
+ .name = "record_rpc",
+ .version = IPTABLES_VERSION,
+ .size = IPT_ALIGN(0),
+ .userspacesize = IPT_ALIGN(0),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
};
void _init(void)
diff --git a/extensions/libipt_rpc.c b/extensions/libipt_rpc.c
index 07177959..f6e897ac 100644
--- a/extensions/libipt_rpc.c
+++ b/extensions/libipt_rpc.c
@@ -180,8 +180,6 @@ static void init(struct ipt_entry_match *match, unsigned int *nfcache)
struct ipt_rpc_info *rpcinfo = ((struct ipt_rpc_info *)match->data);
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
/* initialise those funky user vars */
rpcinfo->i_procs = -1;
diff --git a/extensions/libipt_sctp.c b/extensions/libipt_sctp.c
index f12403c5..af35f9ce 100644
--- a/extensions/libipt_sctp.c
+++ b/extensions/libipt_sctp.c
@@ -293,7 +293,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
einfo->invflags |= IPT_SCTP_SRC_PORTS;
*flags |= IPT_SCTP_SRC_PORTS;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
@@ -306,7 +305,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
einfo->invflags |= IPT_SCTP_DEST_PORTS;
*flags |= IPT_SCTP_DEST_PORTS;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
diff --git a/extensions/libipt_set.c b/extensions/libipt_set.c
index 7ab78ff7..e485f054 100644
--- a/extensions/libipt_set.c
+++ b/extensions/libipt_set.c
@@ -47,8 +47,6 @@ static void init(struct ipt_entry_match *match, unsigned int *nfcache)
memset(info, 0, sizeof(struct ipt_set_info_match));
- /* Can't cache this - XXX */
- *nfcache |= NFC_UNKNOWN;
}
/* Function which parses command options; returns true if it ate an option */
diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c
index 8e6a90c5..acafe9a7 100644
--- a/extensions/libipt_state.c
+++ b/extensions/libipt_state.c
@@ -28,14 +28,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int
parse_state(const char *state, size_t strlen, struct ipt_state_info *sinfo)
{
@@ -158,7 +150,6 @@ static struct iptables_match state = {
.size = IPT_ALIGN(sizeof(struct ipt_state_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_state_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_string.c b/extensions/libipt_string.c
index 2ffdb74e..508eb90b 100644
--- a/extensions/libipt_string.c
+++ b/extensions/libipt_string.c
@@ -44,15 +44,6 @@ static struct option opts[] = {
{ .name = 0 }
};
-
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
-
static void
parse_string(const unsigned char *s, struct ipt_string_info *info)
{
@@ -279,7 +270,6 @@ static struct iptables_match string = {
.size = IPT_ALIGN(sizeof(struct ipt_string_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_string_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c
index 57515006..6f9ea06a 100644
--- a/extensions/libipt_tcp.c
+++ b/extensions/libipt_tcp.c
@@ -187,7 +187,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_SRCPT;
*flags |= TCP_SRC_PORTS;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
@@ -199,7 +198,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_DSTPT;
*flags |= TCP_DST_PORTS;
- *nfcache |= NFC_IP_DST_PT;
break;
case '3':
@@ -209,7 +207,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
" allowed");
parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
*flags |= TCP_FLAGS;
- *nfcache |= NFC_IP_TCPFLAGS;
break;
case '4':
@@ -228,7 +225,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
invert);
optind++;
*flags |= TCP_FLAGS;
- *nfcache |= NFC_IP_TCPFLAGS;
break;
case '5':
@@ -240,7 +236,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_OPTION;
*flags |= TCP_OPTION;
- *nfcache |= NFC_IP_PROTO_UNKNOWN;
break;
default:
diff --git a/extensions/libipt_tcpmss.c b/extensions/libipt_tcpmss.c
index d596ea74..9a399bbd 100644
--- a/extensions/libipt_tcpmss.c
+++ b/extensions/libipt_tcpmss.c
@@ -24,13 +24,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_IP_PROTO_UNKNOWN;
-}
-
static u_int16_t
parse_tcp_mssvalue(const char *mssvalue)
{
@@ -146,7 +139,6 @@ static struct iptables_match tcpmss = {
.size = IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_time.c b/extensions/libipt_time.c
index cceab58d..dcf2dc67 100644
--- a/extensions/libipt_time.c
+++ b/extensions/libipt_time.c
@@ -57,8 +57,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache)
{
struct ipt_time_info *info = (struct ipt_time_info *)m->data;
globaldays = 0;
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
/* By default, we match on everyday */
info->days_match = 127;
/* By default, we match on every hour:min of the day */
diff --git a/extensions/libipt_tos.c b/extensions/libipt_tos.c
index 6241950a..7a10a502 100644
--- a/extensions/libipt_tos.c
+++ b/extensions/libipt_tos.c
@@ -47,13 +47,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_IP_TOS;
-}
-
static void
parse_tos(const unsigned char *s, struct ipt_tos_info *info)
{
@@ -166,7 +159,6 @@ static struct iptables_match tos = {
.size = IPT_ALIGN(sizeof(struct ipt_tos_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_tos_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index 8d47dbec..3a25734b 100644
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -24,12 +24,6 @@ static void help(void)
, IPTABLES_VERSION);
}
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* caching not yet implemented */
- *nfcache |= NFC_UNKNOWN;
-}
-
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
struct ipt_entry_match **match)
@@ -156,7 +150,6 @@ static struct iptables_match ttl = {
.size = IPT_ALIGN(sizeof(struct ipt_ttl_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_ttl_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_u32.c b/extensions/libipt_u32.c
index c5f5b4d9..75045100 100644
--- a/extensions/libipt_u32.c
+++ b/extensions/libipt_u32.c
@@ -37,13 +37,6 @@ static struct option opts[] = {
{ 0 }
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
/* shared printing code */
static void print_u32(struct ipt_u32 *data)
{
@@ -257,7 +250,6 @@ struct iptables_match u32 = {
.size = IPT_ALIGN(sizeof(struct ipt_u32)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_u32)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
diff --git a/extensions/libipt_udp.c b/extensions/libipt_udp.c
index fb52cf01..f45f364c 100644
--- a/extensions/libipt_udp.c
+++ b/extensions/libipt_udp.c
@@ -109,7 +109,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
udpinfo->invflags |= IPT_UDP_INV_SRCPT;
*flags |= UDP_SRC_PORTS;
- *nfcache |= NFC_IP_SRC_PT;
break;
case '2':
@@ -121,7 +120,6 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
udpinfo->invflags |= IPT_UDP_INV_DSTPT;
*flags |= UDP_DST_PORTS;
- *nfcache |= NFC_IP_DST_PT;
break;
default:
diff --git a/extensions/libipt_unclean.c b/extensions/libipt_unclean.c
index a97b0f0e..7b9b3e42 100644
--- a/extensions/libipt_unclean.c
+++ b/extensions/libipt_unclean.c
@@ -17,14 +17,6 @@ static struct option opts[] = {
{0}
};
-/* Initialize the match. */
-static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
@@ -49,7 +41,6 @@ struct iptables_match unclean = {
.size = IPT_ALIGN(0),
.userspacesize = IPT_ALIGN(0),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = NULL,
diff --git a/ip6tables.c b/ip6tables.c
index aa1e148b..de48f774 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1887,7 +1887,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
&& (fw.ipv6.invflags & IP6T_INV_PROTO))
exit_error(PARAMETER_PROBLEM,
"rule would never match protocol");
- fw.nfcache |= NFC_IP6_PROTO;
break;
case 's':
@@ -1895,7 +1894,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
set_option(&options, OPT_SOURCE, &fw.ipv6.invflags,
invert);
shostnetworkmask = argv[optind-1];
- fw.nfcache |= NFC_IP6_SRC;
break;
case 'd':
@@ -1903,7 +1901,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
set_option(&options, OPT_DESTINATION, &fw.ipv6.invflags,
invert);
dhostnetworkmask = argv[optind-1];
- fw.nfcache |= NFC_IP6_DST;
break;
case 'j':
@@ -1935,7 +1932,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
parse_interface(argv[optind-1],
fw.ipv6.iniface,
fw.ipv6.iniface_mask);
- fw.nfcache |= NFC_IP6_IF_IN;
break;
case 'o':
@@ -1945,7 +1941,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
parse_interface(argv[optind-1],
fw.ipv6.outiface,
fw.ipv6.outiface_mask);
- fw.nfcache |= NFC_IP6_IF_OUT;
break;
case 'v':
diff --git a/iptables.c b/iptables.c
index ace49992..06d04810 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1987,7 +1987,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
&& (fw.ip.invflags & IPT_INV_PROTO))
exit_error(PARAMETER_PROBLEM,
"rule would never match protocol");
- fw.nfcache |= NFC_IP_PROTO;
break;
case 's':
@@ -1995,7 +1994,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
set_option(&options, OPT_SOURCE, &fw.ip.invflags,
invert);
shostnetworkmask = argv[optind-1];
- fw.nfcache |= NFC_IP_SRC;
break;
case 'd':
@@ -2003,7 +2001,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
set_option(&options, OPT_DESTINATION, &fw.ip.invflags,
invert);
dhostnetworkmask = argv[optind-1];
- fw.nfcache |= NFC_IP_DST;
break;
case 'j':
@@ -2024,7 +2021,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
strcpy(target->t->u.user.name, jumpto);
set_revision(target->t->u.user.name,
target->revision);
- target->init(target->t, &fw.nfcache);
+ if (target->init != NULL)
+ target->init(target->t, &fw.nfcache);
opts = merge_options(opts, target->extra_opts, &target->option_offset);
}
break;
@@ -2037,7 +2035,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
parse_interface(argv[optind-1],
fw.ip.iniface,
fw.ip.iniface_mask);
- fw.nfcache |= NFC_IP_IF_IN;
break;
case 'o':
@@ -2047,14 +2044,12 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
parse_interface(argv[optind-1],
fw.ip.outiface,
fw.ip.outiface_mask);
- fw.nfcache |= NFC_IP_IF_OUT;
break;
case 'f':
set_option(&options, OPT_FRAGMENT, &fw.ip.invflags,
invert);
fw.ip.flags |= IPT_F_FRAG;
- fw.nfcache |= NFC_IP_FRAG;
break;
case 'v':
@@ -2078,7 +2073,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
m->m->u.match_size = size;
strcpy(m->m->u.user.name, m->name);
set_revision(m->m->u.user.name, m->revision);
- m->init(m->m, &fw.nfcache);
+ if (m->init != NULL)
+ m->init(m->m, &fw.nfcache);
opts = merge_options(opts, m->extra_opts, &m->option_offset);
}
break;
@@ -2221,7 +2217,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
strcpy(m->m->u.user.name, m->name);
set_revision(m->m->u.user.name,
m->revision);
- m->init(m->m, &fw.nfcache);
+ if (m->init != NULL)
+ m->init(m->m, &fw.nfcache);
opts = merge_options(opts,
m->extra_opts, &m->option_offset);
@@ -2349,7 +2346,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
target->t->u.target_size = size;
strcpy(target->t->u.user.name, jumpto);
set_revision(target->t->u.user.name, target->revision);
- target->init(target->t, &fw.nfcache);
+ if (target->init != NULL)
+ target->init(target->t, &fw.nfcache);
}
if (!target) {
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index f623c78c..392a9de1 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -149,17 +149,6 @@ dump_entry(STRUCT_ENTRY *e, const TC_HANDLE_T handle)
printf("Cache: %08X ", e->nfcache);
if (e->nfcache & NFC_ALTERED) printf("ALTERED ");
if (e->nfcache & NFC_UNKNOWN) printf("UNKNOWN ");
- if (e->nfcache & NFC_IP_SRC) printf("IP_SRC ");
- if (e->nfcache & NFC_IP_DST) printf("IP_DST ");
- if (e->nfcache & NFC_IP_IF_IN) printf("IP_IF_IN ");
- if (e->nfcache & NFC_IP_IF_OUT) printf("IP_IF_OUT ");
- if (e->nfcache & NFC_IP_TOS) printf("IP_TOS ");
- if (e->nfcache & NFC_IP_PROTO) printf("IP_PROTO ");
- if (e->nfcache & NFC_IP_OPTIONS) printf("IP_OPTIONS ");
- if (e->nfcache & NFC_IP_TCPFLAGS) printf("IP_TCPFLAGS ");
- if (e->nfcache & NFC_IP_SRC_PT) printf("IP_SRC_PT ");
- if (e->nfcache & NFC_IP_DST_PT) printf("IP_DST_PT ");
- if (e->nfcache & NFC_IP_PROTO_UNKNOWN) printf("IP_PROTO_UNKNOWN ");
printf("\n");
IPT_MATCH_ITERATE(e, print_match);
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 06b15fbc..1c1f14e5 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -180,17 +180,6 @@ dump_entry(struct ip6t_entry *e, const ip6tc_handle_t handle)
printf("Cache: %08X ", e->nfcache);
if (e->nfcache & NFC_ALTERED) printf("ALTERED ");
if (e->nfcache & NFC_UNKNOWN) printf("UNKNOWN ");
- if (e->nfcache & NFC_IP6_SRC) printf("IP6_SRC ");
- if (e->nfcache & NFC_IP6_DST) printf("IP6_DST ");
- if (e->nfcache & NFC_IP6_IF_IN) printf("IP6_IF_IN ");
- if (e->nfcache & NFC_IP6_IF_OUT) printf("IP6_IF_OUT ");
- if (e->nfcache & NFC_IP6_TOS) printf("IP6_TOS ");
- if (e->nfcache & NFC_IP6_PROTO) printf("IP6_PROTO ");
- if (e->nfcache & NFC_IP6_OPTIONS) printf("IP6_OPTIONS ");
- if (e->nfcache & NFC_IP6_TCPFLAGS) printf("IP6_TCPFLAGS ");
- if (e->nfcache & NFC_IP6_SRC_PT) printf("IP6_SRC_PT ");
- if (e->nfcache & NFC_IP6_DST_PT) printf("IP6_DST_PT ");
- if (e->nfcache & NFC_IP6_PROTO_UNKNOWN) printf("IP6_PROTO_UNKNOWN ");
printf("\n");
IP6T_MATCH_ITERATE(e, print_match);