-rw-r--r--Makefile.am20
-rw-r--r--configure.ac10
-rw-r--r--extensions/GNUmakefile.in4
-rw-r--r--extensions/libxt_tcpmss.c2
-rw-r--r--include/xtables.h.in16
-rw-r--r--ip6tables-multi.c3
-rw-r--r--ip6tables-standalone.c14
-rw-r--r--ip6tables.c12
-rw-r--r--iptables-multi.c3
-rw-r--r--iptables-standalone.c11
-rw-r--r--iptables.c12
-rw-r--r--xtables.c3
12 files changed, 75 insertions, 35 deletions
diff --git a/Makefile.am b/Makefile.am
index c0181d49..fd99098f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -85,11 +85,20 @@ man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
CLEANFILES = iptables.8 ip6tables.8
if ENABLE_STATIC
-sbin_PROGRAMS += iptables-static ip6tables-static
+if ENABLE_IPV4
+sbin_PROGRAMS += iptables-static
+endif
+if ENABLE_IPV6
+sbin_PROGRAMS += ip6tables-static
+endif
endif
if ENABLE_SHARED
-sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save \
- ip6tables ip6tables-multi ip6tables-restore ip6tables-save
+if ENABLE_IPV4
+sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save
+endif
+if ENABLE_IPV6
+sbin_PROGRAMS += ip6tables ip6tables-multi ip6tables-restore ip6tables-save
+endif
endif
iptables.8: ${srcdir}/iptables.8.in extensions/matches4.man extensions/targets4.man
@@ -111,7 +120,6 @@ tarball:
config.status: extensions/GNUmakefile.in \
include/xtables.h.in include/iptables/internal.h.in
-# ldconfig may fail when we are not root (as is the case in build systems)
-# so add appropriate protection that it does not let `make` fail.
+# Using if..fi avoids an ugly "error (ignored)" message :)
install-exec-hook:
- -/sbin/ldconfig || :;
+ -if test -z "${DESTDIR}"; then /sbin/ldconfig; fi;
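Review bot: The replacement comment above `install-exec-hook` no longer says why ldconfig is allowed to fail, and its claim holds only for staged installs. When `DESTDIR` is empty and the install runs unprivileged, `/sbin/ldconfig` can still fail, the `if` takes its exit status, and the leading `-` makes make print the ignored error as before. I would describe both cases, e.g. `# Skip ldconfig for staged installs (DESTDIR set); the leading "-" still tolerates a failing ldconfig when not root.`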
diff --git a/configure.ac b/configure.ac
index 87f693f8..152ad592 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
AC_INIT([iptables], [1.4.3.1])
# See libtool.info "Libtool's versioning system"
-libxtables_vcurrent=1
+libxtables_vcurrent=2
libxtables_vage=0
AC_CONFIG_HEADERS([config.h])
@@ -31,6 +31,12 @@ AC_ARG_WITH([xtlibdir],
[Path where to install Xtables extensions [[LIBEXECDIR/xtables]]]),
[xtlibdir="$withval"],
[xtlibdir="${libexecdir}/xtables"])
+AC_ARG_ENABLE([ipv4],
+ AS_HELP_STRING([--disable-ipv4], [Do not build iptables]),
+ [enable_ipv4="$enableval"], [enable_ipv4="yes"])
+AC_ARG_ENABLE([ipv6],
+ AS_HELP_STRING([--disable-ipv6], [Do not build ip6tables]),
+ [enable_ipv6="$enableval"], [enable_ipv6="yes"])
AC_ARG_ENABLE([devel],
AS_HELP_STRING([--enable-devel],
[Install Xtables development headers]),
@@ -51,6 +57,8 @@ AC_SUBST([blacklist_modules])
AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" = "yes"])
AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" = "yes"])
+AM_CONDITIONAL([ENABLE_IPV4], [test "$enable_ipv4" = "yes"])
+AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" = "yes"])
AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
index 256ac08e..66a4f46a 100644
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
@@ -35,8 +35,8 @@ endif
# Wildcard module list
#
pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(wildcard ${srcdir}/libxt_*.c))
-pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(wildcard ${srcdir}/libipt_*.c))
-pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(wildcard ${srcdir}/libip6t_*.c))
+@ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(wildcard ${srcdir}/libipt_*.c))
+@ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(wildcard ${srcdir}/libip6t_*.c))
pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod})
pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index 43a4a0d8..46529f97 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -26,7 +26,7 @@ parse_tcp_mssvalue(const char *mssvalue)
{
unsigned int mssvaluenum;
- if (!xtables_strtoui(mssvalue, NULL, &mssvaluenum, 0, UINT16_MAX))
+ if (xtables_strtoui(mssvalue, NULL, &mssvaluenum, 0, UINT16_MAX))
return mssvaluenum;
xtables_error(PARAMETER_PROBLEM,
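Review bot: Nothing at the `xtables_strtoui()` call records that it reports success with a non-zero return, which is the convention this one-character fix depends on. With the test inverted, every in-range MSS value fell through to `xtables_error()`. A short comment above the `if` would stop it being flipped again, e.g. `/* xtables_strtoui() returns non-zero on success; range 0..UINT16_MAX is enforced there */`. The signature of parse_tcp_mssvalue and the rest of the error call are outside the hunk, so confirm the return type can hold the full 16-bit range.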
diff --git a/include/xtables.h.in b/include/xtables.h.in
index d86276e7..a399f90f 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -37,6 +37,12 @@ struct in_addr;
/* Include file for additions: new matches and targets. */
struct xtables_match
{
+ /*
+ * ABI/API version this module requires. Must be first member,
+ * as the rest of this struct may be subject to ABI changes.
+ */
+ const char *version;
+
struct xtables_match *next;
const char *name;
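Review bot: The requirement that `version` be the first member of `struct xtables_match` is stated only in the new comment and nothing visible enforces it, so a later reordering would silently defeat the ABI check this layout exists for. A build-time assertion next to the registration code would pin it, e.g. `_Static_assert(offsetof(struct xtables_match, version) == 0, "version must be first");` or the project's equivalent, with the same line for `struct xtables_target` in the hunk at -93. The comment could also say that `version` should be compared before any other member of a module-supplied struct is read. Presumably the registration functions already do this, but they are not part of this file section. Both struct definitions continue outside their hunks.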
@@ -46,8 +52,6 @@ struct xtables_match
u_int16_t family;
- const char *version;
-
/* Size of match data. */
size_t size;
@@ -93,8 +97,15 @@ struct xtables_match
struct xtables_target
{
+ /*
+ * ABI/API version this module requires. Must be first member,
+ * as the rest of this struct may be subject to ABI changes.
+ */
+ const char *version;
+
struct xtables_target *next;
+
const char *name;
/* Revision of target (0 by default). */
@@ -102,7 +113,6 @@ struct xtables_target
u_int16_t family;
- const char *version;
/* Size of target data. */
size_t size;
diff --git a/ip6tables-multi.c b/ip6tables-multi.c
index 0bcfaced..3313bfdc 100644
--- a/ip6tables-multi.c
+++ b/ip6tables-multi.c
@@ -16,7 +16,8 @@ int main(int argc, char **argv) {
} else {
progname = basename(argv[0]);
- if (!strcmp(progname, "ip6tables"))
+ if (!strcmp(progname, "ip6tables") ||
+ strcmp(progname, "ip6tables-static") == 0)
return ip6tables_main(argc, argv);
if (!strcmp(progname, "ip6tables-save"))
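Review bot: The added condition mixes two spellings of the same test, `!strcmp(progname, "ip6tables")` and `strcmp(progname, "ip6tables-static") == 0`, inside one `if`. The neighbouring comparisons in main() all use the `!strcmp(...)` form, so I would write the new operand as `!strcmp(progname, "ip6tables-static")` to match. The same applies to the `iptables-static` test added in the iptables-multi.c hunk. main() starts and ends outside both hunks.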
diff --git a/ip6tables-standalone.c b/ip6tables-standalone.c
index c0ca6459..649ac3d8 100644
--- a/ip6tables-standalone.c
+++ b/ip6tables-standalone.c
@@ -68,10 +68,16 @@ main(int argc, char *argv[])
ip6tc_free(handle);
}
- if (!ret)
- fprintf(stderr, "ip6tables: %s. "
- "Run `dmesg' for more information.\n",
- ip6tc_strerror(errno));
+ if (!ret) {
+ if (errno == EINVAL) {
+ fprintf(stderr, "ip6tables: %s. "
+ "Run `dmesg' for more information.\n",
+ ip6tc_strerror(errno));
+ } else {
+ fprintf(stderr, "ip6tables: %s.\n",
+ ip6tc_strerror(errno));
+ }
+ }
exit(!ret);
}
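Review bot: `errno` is tested and passed to `ip6tc_strerror()` only after the `ip6tc_free(handle)` call in the context line above, and any library call in between may change it, so the new `errno == EINVAL` branch can select the wrong message. Take a snapshot directly after the call that sets `ret`, `int err = errno;`, and use `err` in the test and in `ip6tc_strerror(err)`. The iptables-standalone.c hunk has the same pattern and also tests `errno == EAGAIN` after the new `fprintf()` calls, which can modify errno themselves and so change the exit status. The failing call is in the part of main() outside the hunk, so check there whether `ip6tc_free()` runs on the failure path.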
diff --git a/ip6tables.c b/ip6tables.c
index 54366b05..35067f8b 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1006,7 +1006,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
if (mask[0] == 0)
return;
- printf("-%c %s", letter, invert ? "! " : "");
+ printf("%s-%c ", invert ? "! " : "", letter);
for (i = 0; i < IFNAMSIZ; i++) {
if (mask[i] != 0) {
@@ -1033,19 +1033,19 @@ static void print_proto(u_int16_t proto, int invert)
struct protoent *pent = getprotobynumber(proto);
if (pent) {
- printf("-p %s%s ",
+ printf("%s-p %s ",
invertstr, pent->p_name);
return;
}
for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
if (xtables_chain_protos[i].num == proto) {
- printf("-p %s%s ",
+ printf("%s-p %s ",
invertstr, xtables_chain_protos[i].name);
return;
}
- printf("-p %s%u ", invertstr, proto);
+ printf("%s-p %u ", invertstr, proto);
}
}
@@ -1081,9 +1081,9 @@ static void print_ip(char *prefix, const struct in6_addr *ip, const struct in6_a
if (l == 0 && !invert)
return;
- printf("%s %s%s",
- prefix,
+ printf("%s%s %s",
invert ? "! " : "",
+ prefix,
inet_ntop(AF_INET6, ip, buf, sizeof buf));
if (l == -1)
diff --git a/iptables-multi.c b/iptables-multi.c
index 7ade3335..28c1737c 100644
--- a/iptables-multi.c
+++ b/iptables-multi.c
@@ -17,7 +17,8 @@ int main(int argc, char **argv) {
} else {
progname = basename(argv[0]);
- if (!strcmp(progname, "iptables"))
+ if (!strcmp(progname, "iptables") ||
+ strcmp(progname, "iptables-static") == 0)
return iptables_main(argc, argv);
if (!strcmp(progname, "iptables-save"))
diff --git a/iptables-standalone.c b/iptables-standalone.c
index 208f71d7..91853884 100644
--- a/iptables-standalone.c
+++ b/iptables-standalone.c
@@ -69,9 +69,14 @@ main(int argc, char *argv[])
}
if (!ret) {
- fprintf(stderr, "iptables: %s. "
- "Run `dmesg' for more information.\n",
- iptc_strerror(errno));
+ if (errno == EINVAL) {
+ fprintf(stderr, "iptables: %s. "
+ "Run `dmesg' for more information.\n",
+ iptc_strerror(errno));
+ } else {
+ fprintf(stderr, "iptables: %s.\n",
+ iptc_strerror(errno));
+ }
if (errno == EAGAIN) {
exit(RESOURCE_PROBLEM);
}
diff --git a/iptables.c b/iptables.c
index 3449decd..649baf4c 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1006,18 +1006,18 @@ static void print_proto(u_int16_t proto, int invert)
struct protoent *pent = getprotobynumber(proto);
if (pent) {
- printf("-p %s%s ", invertstr, pent->p_name);
+ printf("%s-p %s ", invertstr, pent->p_name);
return;
}
for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
if (xtables_chain_protos[i].num == proto) {
- printf("-p %s%s ",
+ printf("%s-p %s ",
invertstr, xtables_chain_protos[i].name);
return;
}
- printf("-p %s%u ", invertstr, proto);
+ printf("%s-p %u ", invertstr, proto);
}
}
@@ -1039,7 +1039,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
if (mask[0] == 0)
return;
- printf("-%c %s", letter, invert ? "! " : "");
+ printf("%s-%c ", invert ? "! " : "", letter);
for (i = 0; i < IFNAMSIZ; i++) {
if (mask[i] != 0) {
@@ -1089,9 +1089,9 @@ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
if (!mask && !ip && !invert)
return;
- printf("%s %s%u.%u.%u.%u",
- prefix,
+ printf("%s%s %u.%u.%u.%u",
invert ? "! " : "",
+ prefix,
IP_PARTS(ip));
if (mask == 0xFFFFFFFFU) {
diff --git a/xtables.c b/xtables.c
index 044603f9..a01d4ea0 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1367,6 +1367,7 @@ static struct in6_addr *parse_ip6mask(char *mask)
void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
struct in6_addr *maskp, unsigned int *naddrs)
{
+ static const struct in6_addr zero_addr;
struct in6_addr *addrp;
unsigned int i, j, k, n;
char buf[256], *p;
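Review bot: The new `static const struct in6_addr zero_addr;` has no initializer and no comment, so a reader cannot tell why the `memcmp()` in the next hunk stopped using `in6addr_any`. Nothing on the page gives the reason. It relies on static storage being zero-initialised, which is correct C but easy to mistake for an oversight. I would make that explicit, e.g. `static const struct in6_addr zero_addr; /* all-zero "::", zero-initialised by static storage; used instead of in6addr_any because <reason> */`. The body of xtables_ip6parse_any continues outside both hunks.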
@@ -1382,7 +1383,7 @@ void xtables_ip6parse_any(const char *name, struct in6_addr **addrpp,
memcpy(maskp, addrp, sizeof(*maskp));
/* if a null mask is given, the name is ignored, like in "any/0" */
- if (memcmp(maskp, &in6addr_any, sizeof(in6addr_any)) == 0)
+ if (memcmp(maskp, &zero_addr, sizeof(zero_addr)) == 0)
strcpy(buf, "::");
addrp = *addrpp = ip6parse_hostnetwork(buf, naddrs);