-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | include/linux/netfilter/xt_NFLOG.h | 2 | ||||
-rw-r--r-- | include/xtables.h.in | 15 | ||||
-rw-r--r-- | ip6tables.c | 11 | ||||
-rw-r--r-- | iptables-xml.c | 19 | ||||
-rw-r--r-- | iptables.c | 13 | ||||
-rw-r--r-- | xtables.c | 89 |
7 files changed, 115 insertions, 35 deletions
diff --git a/Makefile.am b/Makefile.am
index 0e247176..dbdfa97a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -22,6 +22,7 @@ iptables_SOURCES = iptables-standalone.c iptables.c
 iptables_LDFLAGS = -rdynamic
 iptables_LDADD = -lm libiptc/libiptc.a extensions/libext4.a libxtables.la
+iptables_xml_LDADD = -ldl libxtables.la
 iptables_multi_SOURCES = iptables-multi.c iptables-save.c \
 iptables-restore.c iptables-xml.c \
 iptables-standalone.c iptables.c
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h
index cdcd0ed5..4b36aeb4 100644
--- a/include/linux/netfilter/xt_NFLOG.h
+++ b/include/linux/netfilter/xt_NFLOG.h
@@ -2,7 +2,7 @@
 #define _XT_NFLOG_TARGET
 #define XT_NFLOG_DEFAULT_GROUP 0x1
-#define XT_NFLOG_DEFAULT_THRESHOLD 1
+#define XT_NFLOG_DEFAULT_THRESHOLD 0
 #define XT_NFLOG_MASK 0x0
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 1455e9cd..6712aac0 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -183,6 +183,15 @@ enum xtables_exittype {
 XTF_ONE_ACTION,
 };
+struct xtables_globals
+{
+ unsigned int option_offset;
+ char *program_version;
+ char *program_name;
+ struct option *opts;
+ void (*exit_err)(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
+};
+
 extern const char *xtables_program_name;
 extern const char *xtables_modprobe_program;
 extern struct xtables_match *xtables_matches;
@@ -195,6 +204,8 @@ extern void *xtables_malloc(size_t);
 extern int xtables_insmod(const char *, const char *, bool);
 extern int xtables_load_ko(const char *, bool);
+extern int xtables_set_params(struct xtables_globals *xtp);
+void xtables_free_opts(int reset_offset, struct option *original_opts);
 extern struct xtables_match *xtables_find_match(const char *name, enum xtables_tryload, struct xtables_rule_match **match);
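Review bot: `program_version` and `program_name` in the new `struct xtables_globals` are declared `char *`, yet every initializer in this commit points them at string literals (`"iptables"`, `"ip6tables"`, `"iptables-xml"`, `IPTABLES_VERSION`) and `basic_exit_err` only reads them; declaring them `const char *program_version;` / `const char *program_name;` lets the compiler reject a write through them (undefined behaviour on a literal) instead of leaving it to fault at runtime. The struct also carries no comment, and the one member whose contract is not obvious is `exit_err`: the xtables.c hunk in this commit substitutes `basic_exit_err` when it is NULL, which a reader of the header cannot see. A member comment such as `/* exit_err: report-and-exit callback; NULL selects the libxtables default handler */` would close that gap.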
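Review bot: `void xtables_free_opts(int reset_offset, struct option *original_opts);` is the only declaration in this hunk, and among its neighbours, written without `extern`; `extern void xtables_free_opts(int reset_offset, struct option *original_opts);` keeps the block uniform. The prototype also does not say what is freed or restored; a one-line comment such as `/* installs original_opts as the option table, freeing the current table when it differs and original_opts is non-NULL; reset_offset also zeroes option_offset */` matches the definition in xtables.c and spares callers a trip to the source.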
@@ -219,8 +230,8 @@ xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
 int xtables_check_inverse(const char option[], int *invert, int *my_optind, int argc);
-void exit_error(enum xtables_exittype, const char *, ...)
- __attribute__((noreturn, format(printf,2,3)));
+extern struct xtables_globals *xt_params;
+#define exit_error xt_params->exit_err
 extern void xtables_param_act(unsigned int, const char *, ...);
 extern const char *xtables_ipaddr_to_numeric(const struct in_addr *);
diff --git a/ip6tables.c b/ip6tables.c
index 7fff4924..a73ea9ae 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -145,6 +145,14 @@ int line = -1;
 static struct option *opts = original_opts;
 static unsigned int global_option_offset = 0;
+void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
+struct xtables_globals ip6tables_globals = {
+ .option_offset = 0,
+ .program_version = IPTABLES_VERSION,
+ .program_name = "ip6tables",
+ .opts = original_opts,
+ .exit_err = ip6tables_exit_error,
+};
 /* Table of legal combinations of commands and options. If any of the
 * given commands make an option legal, that option is legal (applies to
@@ -329,7 +337,7 @@ exit_printhelp(struct xtables_rule_match *matches)
 }
 void
-exit_error(enum xtables_exittype status, const char *msg, ...)
+ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...)
 {
 va_list args;
@@ -1371,6 +1379,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 demand-load a protocol. */
 opterr = 0;
+ xtables_set_params(&ip6tables_globals);
 while ((c = getopt_long(argc, argv, "-A:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:g:", opts, NULL)) != -1) {
diff --git a/iptables-xml.c b/iptables-xml.c
index 307845c5..4bb05578 100644
--- a/iptables-xml.c
+++ b/iptables-xml.c
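Review bot: `#define exit_error xt_params->exit_err` turns every `exit_error(...)` call into a dereference of a pointer that xtables.c initialises to NULL in this same commit (`struct xtables_globals *xt_params = NULL;`), so an error reported before `xtables_set_params()` has run — or by any program that links libxtables and never calls it — becomes a null-pointer crash instead of a diagnostic; iptables.c and ip6tables.c only make the call inside `do_command`/`do_command6` after `opterr = 0;`, and whether earlier error paths exist in those programs is not visible here. Because this header is public, the new declarations should at least state the contract, e.g. `/* xt_params must be installed with xtables_set_params() before any libxtables call that can fail; exit_error() is reached through it. */`. An object-like macro with the generic name `exit_error` will also rewrite any unrelated `exit_error` identifier in every file that includes xtables.h, which deserves a comment beside the define.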
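Review bot: After `xtables_set_params(&ip6tables_globals);` there are two copies of the option state: the file-static `opts`/`global_option_offset` that the `getopt_long` loop on the next line reads, and `ip6tables_globals.opts`/`.option_offset`, which is what the new `xtables_free_opts()` in xtables.c updates. If any code path replaces the table through `xt_params->opts` (not visible in this hunk), the loop keeps parsing with the stale pointer and may touch a freed table; the iptables.c hunk at -1393 has the same duplication. Either drop the file-static copies and read `xt_params->opts` in the loop, or add a comment on the call saying that the globals are not the table the loop uses. The call's `int` result is also discarded; `(void)xtables_set_params(&ip6tables_globals);` or a check would make that deliberate. `do_command6` starts and ends outside the hunk.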
@@ -17,6 +17,7 @@
 #include "iptables.h"
 #include "libiptc/libiptc.h"
 #include "iptables-multi.h"
+#include <xtables.h>
 #ifdef DEBUG
 #define DEBUGP(x, args...) fprintf(stderr, x, ## args)
@@ -30,18 +31,6 @@ const char *program_version;
 #ifndef IPTABLES_MULTI
 int line = 0;
-void exit_error(enum xtables_exittype status, const char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s v%s: ", program_name, program_version);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- /* On error paths, make sure that we don't leak memory */
- exit(status);
-}
 #endif
 static void print_usage(const char *name, const char *version)
@@ -629,6 +618,11 @@ do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[])
 do_rule_part(NULL, NULL, 1, argc, argv, argvattr);
 }
+struct xtables_globals iptables_xml_globals = {
+ .option_offset = 0,
+ .program_version = IPTABLES_VERSION,
+ .program_name = "iptables-xml",
+};
 #ifdef IPTABLES_MULTI
 int
@@ -646,6 +640,7 @@ main(int argc, char *argv[])
 program_version = IPTABLES_VERSION;
 line = 0;
+ xtables_set_params(&iptables_xml_globals);
 while ((c = getopt_long(argc, argv, "cvh", options, NULL)) != -1) {
 switch (c) {
 case 'c':
@@ -145,6 +145,16 @@ int line = -1;
 static struct option *opts = original_opts;
 static unsigned int global_option_offset = 0;
+void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
+
+struct xtables_globals iptables_globals = {
+ .option_offset = 0,
+ .program_version = IPTABLES_VERSION,
+ .program_name = "iptables",
+ .opts = original_opts,
+ .exit_err = iptables_exit_error,
+};
+
 /* Table of legal combinations of commands and options. If any of the
 * given commands make an option legal, that option is legal (applies to
 * CMD_LIST and CMD_ZERO only).
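Review bot: `iptables_xml_globals` leaves `.opts` and `.exit_err` unset, and nothing at the definition says this is deliberate; a reader has to find `xtables_set_params()` in xtables.c to learn that a NULL `exit_err` is replaced by `basic_exit_err`. Add `/* .opts and .exit_err intentionally unset: xtables_set_params() installs basic_exit_err for a NULL exit_err */` above the initializer. Since `exit_error` now expands to `xt_params->exit_err`, the removed local `exit_error` is only replaced once the `xtables_set_params()` call in `main` (hunk at -646) has run, so any error path reached before that call would dereference NULL — not visible here, but worth checking against the rest of the file.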
@@ -340,7 +350,7 @@ exit_printhelp(struct xtables_rule_match *matches)
 }
 void
-exit_error(enum xtables_exittype status, const char *msg, ...)
+iptables_exit_error(enum xtables_exittype status, const char *msg, ...)
 {
 va_list args;
@@ -1393,6 +1403,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 demand-load a protocol. */
 opterr = 0;
+ xtables_set_params(&iptables_globals);
 while ((c = getopt_long(argc, argv, "-A:D:R:I:L::S::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:", opts, NULL)) != -1) {
@@ -55,6 +55,59 @@
 #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
 #endif
+void basic_exit_err(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
+
+struct xtables_globals *xt_params = NULL;
+
+void basic_exit_err(enum xtables_exittype status, const char *msg, ...)
+{
+ va_list args;
+
+ va_start(args, msg);
+ fprintf(stderr, "%s v%s: ", xt_params->program_name, xt_params->program_version);
+ vfprintf(stderr, msg, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ exit(status);
+}
+
+
+/**
+ * xtables_set_params - set the global parameters used by xtables
+ * @xtp: input xtables_globals structure
+ *
+ * The app is expected to pass a valid xtables_globals data-filled
+ * with proper values
+ * @xtp cannot be NULL
+ *
+ * Returns -1 on failure to set and 0 on success
+ */
+int xtables_set_params(struct xtables_globals *xtp)
+{
+ if (!xtp) {
+ fprintf(stderr, "%s: Illegal global params\n",__func__);
+ return -1;
+ }
+
+ xt_params = xtp;
+
+ if (!xt_params->exit_err)
+ xt_params->exit_err = basic_exit_err;
+
+ return 0;
+}
+
+void xtables_free_opts(int reset_offset, struct option *original_opts)
+{
+ if (xt_params->opts != original_opts) {
+ if (original_opts)
+ free(xt_params->opts);
+ xt_params->opts = original_opts;
+ if (reset_offset)
+ xt_params->option_offset = 0;
+ }
+}
+
 /**
 * xtables_afinfo - protocol family dependent information
 * @kmod: kernel module basename (e.g. "ip_tables")
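Review bot: `xtables_free_opts()` cannot tell from its arguments whether `xt_params->opts` is a heap table or the caller's static one: with `original_opts == NULL` it skips the `free()` and leaks a merged table while still overwriting the pointer, yet dropping the `if (original_opts)` guard would `free()` the static array whenever `xt_params->opts` still points at it. Since every initializer in this commit already records the static table in `.opts`, the robust fix is to remember the original pointer inside the library (a member of `struct xtables_globals`, or a file-static captured by `xtables_set_params()`) and compare against that instead of trusting a per-call parameter; short of that, the function needs a comment stating that NULL means "detach without freeing". `xt_params` is dereferenced here and in `basic_exit_err` without a check, and `xtables_set_params()` is its only assignment, so an `if (!xt_params) return;` guard, or a static default globals object as the initial value instead of NULL, would close that window. `basic_exit_err` is referenced only within this file and can be `static` (the attribute-carrying prototype too), and the kernel-doc on `xtables_set_params()` should say that a NULL `exit_err` is replaced by `basic_exit_err`, since iptables-xml.c relies on exactly that.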
@@ -331,7 +384,7 @@ u_int16_t xtables_parse_port(const char *port, const char *proto)
 (portnum = xtables_service_to_port(port, proto)) != (unsigned)-1)
 return portnum;
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "invalid port/service `%s' specified", port);
 }
@@ -345,7 +398,7 @@ void xtables_parse_interface(const char *arg, char *vianame,
 memset(vianame, 0, IFNAMSIZ);
 if (vialen + 1 > IFNAMSIZ)
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "interface name `%s' must be shorter than IFNAMSIZ" " (%i)", arg, IFNAMSIZ-1);
@@ -467,7 +520,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
 name, false);
 if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "Couldn't load match `%s':%s\n", name, dlerror());
 }
@@ -479,7 +532,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
 ptr = NULL;
 }
 if(!ptr && (tryload == XTF_LOAD_MUST_SUCCEED)) {
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "Couldn't find match `%s'\n", name);
 }
 #endif
@@ -527,7 +580,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
 name, true);
 if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "Couldn't load target `%s':%s\n", name, dlerror());
 }
@@ -539,7 +592,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
 ptr = NULL;
 }
 if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "Couldn't find target `%s'\n", name);
 }
 #endif
@@ -792,7 +845,7 @@ void xtables_param_act(unsigned int status, const char *p1, ...)
 b = va_arg(args, unsigned int);
 if (!b)
 return;
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "%s: \"%s\" option may only be specified once", p1, p2);
 break;
@@ -801,13 +854,13 @@ void xtables_param_act(unsigned int status, const char *p1, ...)
 b = va_arg(args, unsigned int);
 if (!b)
 return;
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "%s: \"%s\" option cannot be inverted", p1, p2);
 break;
 case XTF_BAD_VALUE:
 p2 = va_arg(args, const char *);
 p3 = va_arg(args, const char *);
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "%s: Bad value for \"%s\" option: \"%s\"", p1, p2, p3);
 break;
@@ -815,11 +868,11 @@ void xtables_param_act(unsigned int status, const char *p1, ...)
 b = va_arg(args, unsigned int);
 if (!b)
 return;
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "%s: At most one action is possible", p1);
 break;
 default:
- exit_error(status, p1, args);
+ xt_params->exit_err(status, p1, args);
 break;
 }
@@ -1002,7 +1055,7 @@ ipparse_hostnetwork(const char *name, unsigned int *naddrs)
 if ((addrptmp = host_to_ipaddr(name, naddrs)) != NULL)
 return addrptmp;
- exit_error(PARAMETER_PROBLEM, "host/network `%s' not found", name);
+ xt_params->exit_err(PARAMETER_PROBLEM, "host/network `%s' not found", name);
 }
 static struct in_addr *parse_ipmask(const char *mask)
@@ -1020,7 +1073,7 @@ static struct in_addr *parse_ipmask(const char *mask)
 /* dotted_to_addr already returns a network byte order addr */
 return addrp;
 if (!xtables_strtoui(mask, NULL, &bits, 0, 32))
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "invalid mask `%s' specified", mask);
 if (bits != 0) {
 maskaddr.s_addr = htonl(0xFFFFFFFF << (32 - bits));
@@ -1231,7 +1284,7 @@ ip6parse_hostnetwork(const char *name, unsigned int *naddrs)
 if ((addrp = host_to_ip6addr(name, naddrs)) != NULL)
 return addrp;
- exit_error(PARAMETER_PROBLEM, "host/network `%s' not found", name);
+ xt_params->exit_err(PARAMETER_PROBLEM, "host/network `%s' not found", name);
 }
 static struct in6_addr *parse_ip6mask(char *mask)
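Review bot: The `default:` branch now reads `xt_params->exit_err(status, p1, args);`, which passes a `va_list` object through the callback's `...`; the callee's own `va_start`/`vfprintf` then see that single object where the format's arguments should be, so the caller's arguments never reach the message. The line is pre-existing in substance, but this commit is what defines the callback type, so it is the moment either to give the callback a `va_list`-taking shape or to format locally and pass the finished string through, which needs no interface change. `xtables_param_act` starts and ends outside the hunk.
```c
	default:
		{
			/* exit_err is variadic, so a va_list cannot be forwarded to it;
			 * format here and hand over the finished string. */
			char buf[256]; /* size is a constructed example */
			vsnprintf(buf, sizeof buf, p1, args);
			xt_params->exit_err(status, "%s", buf);
		}
		break;
```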
@@ -1248,7 +1301,7 @@ static struct in6_addr *parse_ip6mask(char *mask)
 if ((addrp = xtables_numeric_to_ip6addr(mask)) != NULL)
 return addrp;
 if (!xtables_strtoui(mask, NULL, &bits, 0, 128))
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "invalid mask `%s' specified", mask);
 if (bits != 0) {
 char *p = (void *)&maskaddr;
@@ -1348,13 +1401,13 @@ int xtables_check_inverse(const char option[], int *invert,
 "extrapositioned (`! --option this`).\n");
 if (*invert)
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "Multiple `!' flags not allowed");
 *invert = true;
 if (my_optind != NULL) {
 ++*my_optind;
 if (argc && *my_optind > argc)
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "no argument following `!'");
 }
@@ -1405,7 +1458,7 @@ xtables_parse_protocol(const char *s)
 }
 }
 if (i == ARRAY_SIZE(xtables_chain_protos))
- exit_error(PARAMETER_PROBLEM,
+ xt_params->exit_err(PARAMETER_PROBLEM,
 "unknown protocol `%s' specified", s);
 } |