-rw-r--r--extensions/libipt_realm.c10
-rw-r--r--include/libiptc/libip6tc.h8
-rw-r--r--include/libiptc/libiptc.h8
-rw-r--r--iptables/ip6tables-restore.c13
-rw-r--r--iptables/ip6tables-save.c4
-rw-r--r--iptables/ip6tables.c50
-rw-r--r--iptables/iptables-restore.c13
-rw-r--r--iptables/iptables-save.c4
-rw-r--r--iptables/iptables-xml.c36
-rw-r--r--iptables/iptables.c48
-rw-r--r--iptables/xshared.c2
-rw-r--r--libiptc/libip4tc.c32
-rw-r--r--libiptc/libip6tc.c30
13 files changed, 128 insertions, 130 deletions
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index b60c57ee..a8d9dda0 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -41,7 +41,7 @@ static void realm_init(struct xt_entry_match *m)
static void realm_parse(struct xt_option_call *cb)
{
- struct ipt_realm_info *realminfo = cb->data;
+ struct xt_realm_info *realminfo = cb->data;
int id;
char *end;
@@ -87,7 +87,7 @@ print_realm(unsigned long id, unsigned long mask, int numeric)
static void realm_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
- const struct ipt_realm_info *ri = (const void *)match->data;
+ const struct xt_realm_info *ri = (const void *)match->data;
if (ri->invert)
printf(" !");
@@ -98,7 +98,7 @@ static void realm_print(const void *ip, const struct xt_entry_match *match,
static void realm_save(const void *ip, const struct xt_entry_match *match)
{
- const struct ipt_realm_info *ri = (const void *)match->data;
+ const struct xt_realm_info *ri = (const void *)match->data;
if (ri->invert)
printf(" !");
@@ -111,8 +111,8 @@ static struct xtables_match realm_mt_reg = {
.name = "realm",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_realm_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_realm_info)),
+ .size = XT_ALIGN(sizeof(struct xt_realm_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_realm_info)),
.help = realm_help,
.init = realm_init,
.print = realm_print,
diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
index f85dda71..61c1e7f5 100644
--- a/include/libiptc/libip6tc.h
+++ b/include/libiptc/libip6tc.h
@@ -50,7 +50,7 @@ int ip6tc_builtin(const char *chain, struct xtc_handle *const handle);
/* Get the policy of a given built-in chain */
const char *ip6tc_get_policy(const char *chain,
- struct ip6t_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* These functions return TRUE for OK or 0 and set errno. If errno ==
@@ -122,7 +122,7 @@ int ip6tc_rename_chain(const xt_chainlabel oldname,
/* Sets the policy on a built-in chain. */
int ip6tc_set_policy(const xt_chainlabel chain,
const xt_chainlabel policy,
- struct ip6t_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* Get the number of references to this chain */
@@ -130,7 +130,7 @@ int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
struct xtc_handle *handle);
/* read packet and byte counters for a specific rule */
-struct ip6t_counters *ip6tc_read_counter(const xt_chainlabel chain,
+struct xt_counters *ip6tc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct xtc_handle *handle);
@@ -142,7 +142,7 @@ int ip6tc_zero_counter(const xt_chainlabel chain,
/* set packet and byte counters for a specific rule */
int ip6tc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ip6t_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* Makes the actual changes. */
diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h
index cf91725b..6f64f5a9 100644
--- a/include/libiptc/libiptc.h
+++ b/include/libiptc/libiptc.h
@@ -54,7 +54,7 @@ int iptc_builtin(const char *chain, struct xtc_handle *const handle);
/* Get the policy of a given built-in chain */
const char *iptc_get_policy(const char *chain,
- struct ipt_counters *counter,
+ struct xt_counters *counter,
struct xtc_handle *handle);
/* These functions return TRUE for OK or 0 and set errno. If errno ==
@@ -127,7 +127,7 @@ int iptc_rename_chain(const xt_chainlabel oldname,
/* Sets the policy on a built-in chain. */
int iptc_set_policy(const xt_chainlabel chain,
const xt_chainlabel policy,
- struct ipt_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* Get the number of references to this chain */
@@ -136,7 +136,7 @@ int iptc_get_references(unsigned int *ref,
struct xtc_handle *handle);
/* read packet and byte counters for a specific rule */
-struct ipt_counters *iptc_read_counter(const xt_chainlabel chain,
+struct xt_counters *iptc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct xtc_handle *handle);
@@ -148,7 +148,7 @@ int iptc_zero_counter(const xt_chainlabel chain,
/* set packet and byte counters for a specific rule */
int iptc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
- struct ipt_counters *counters,
+ struct xt_counters *counters,
struct xtc_handle *handle);
/* Makes the actual changes. */
diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index c5afe315..073e42b8 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -77,7 +77,7 @@ static struct xtc_handle *create_handle(const char *tablename)
return handle;
}
-static int parse_counters(char *string, struct ip6t_counters *ctr)
+static int parse_counters(char *string, struct xt_counters *ctr)
{
unsigned long long pcnt, bcnt;
int ret;
@@ -119,7 +119,7 @@ int ip6tables_restore_main(int argc, char *argv[])
struct xtc_handle *handle = NULL;
char buffer[10240];
int c;
- char curtable[IP6T_TABLE_MAXNAMELEN + 1];
+ char curtable[XT_TABLE_MAXNAMELEN + 1];
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
@@ -218,8 +218,8 @@ int ip6tables_restore_main(int argc, char *argv[])
line);
exit(1);
}
- strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
- curtable[IP6T_TABLE_MAXNAMELEN] = '\0';
+ strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
+ curtable[XT_TABLE_MAXNAMELEN] = '\0';
if (tablename != NULL && strcmp(tablename, table) != 0)
continue;
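Review bot: A table name longer than XT_TABLE_MAXNAMELEN is silently truncated into `curtable` by the `strncpy`, while the `strcmp` two lines later still compares the untruncated `table`, so the two can disagree for over-long names in a restore file. Rejecting the name is safer than truncating it: add `if (strlen(table) > XT_TABLE_MAXNAMELEN)` before the copy and report it the same way as the error branch just above. The same copy appears in the matching hunk of iptables-restore.c. ip6tables_restore_main starts and ends outside this hunk, so how `curtable` is used afterwards is not visible here.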
@@ -291,7 +291,7 @@ int ip6tables_restore_main(int argc, char *argv[])
}
if (strcmp(policy, "-") != 0) {
- struct ip6t_counters count;
+ struct xt_counters count;
if (counters) {
char *ctrs;
@@ -303,8 +303,7 @@ int ip6tables_restore_main(int argc, char *argv[])
"for chain '%s'\n", chain);
} else {
- memset(&count, 0,
- sizeof(struct ip6t_counters));
+ memset(&count, 0, sizeof(count));
}
DEBUGP("Setting policy of chain %s to %s\n",
diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
index fbfce788..d819b30b 100644
--- a/iptables/ip6tables-save.c
+++ b/iptables/ip6tables-save.c
@@ -38,7 +38,7 @@ static int for_each_table(int (*func)(const char *tablename))
{
int ret = 1;
FILE *procfile = NULL;
- char tablename[IP6T_TABLE_MAXNAMELEN+1];
+ char tablename[XT_TABLE_MAXNAMELEN+1];
procfile = fopen("/proc/net/ip6_tables_names", "re");
if (!procfile)
@@ -89,7 +89,7 @@ static int do_output(const char *tablename)
printf(":%s ", chain);
if (ip6tc_builtin(chain, h)) {
- struct ip6t_counters count;
+ struct xt_counters count;
printf("%s ",
ip6tc_get_policy(chain, &count, h));
printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
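Review bot: `count` is declared without an initialiser and the result of `ip6tc_get_policy()` is passed straight to `%s`, so a failed lookup would print indeterminate counters and hand NULL to printf. print_header in ip6tables.c checks the returned policy with `if (pol)` before using it; here only the `ip6tc_builtin()` guard stands in for that check. Declaring `struct xt_counters count = {0};` and testing the policy pointer before printing would make the save output well-defined even if the lookup fails. The same shape is in do_output in iptables-save.c and in the list_rules hunks of ip6tables.c and iptables.c. do_output continues outside this hunk.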
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 7b12205b..b191d5df 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -172,7 +172,7 @@ static const unsigned int inverse_for_options[NUMBER_OF_OPT] =
/* -n */ 0,
/* -s */ IP6T_INV_SRCIP,
/* -d */ IP6T_INV_DSTIP,
-/* -p */ IP6T_INV_PROTO,
+/* -p */ XT_INV_PROTO,
/* -j */ 0,
/* -v */ 0,
/* -x */ 0,
@@ -471,7 +471,7 @@ print_num(uint64_t number, unsigned int format)
static void
print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
- struct ip6t_counters counters;
+ struct xt_counters counters;
const char *pol = ip6tc_get_policy(chain, &counters, handle);
printf("Chain %s", chain);
if (pol) {
@@ -519,7 +519,7 @@ print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
static int
-print_match(const struct ip6t_entry_match *m,
+print_match(const struct xt_entry_match *m,
const struct ip6t_ip6 *ip,
int numeric)
{
@@ -548,13 +548,13 @@ print_firewall(const struct ip6t_entry *fw,
struct xtc_handle *const handle)
{
const struct xtables_target *target = NULL;
- const struct ip6t_entry_target *t;
+ const struct xt_entry_target *t;
char buf[BUFSIZ];
if (!ip6tc_is_chain(targname, handle))
target = xtables_find_target(targname, XTF_TRY_LOAD);
else
- target = xtables_find_target(IP6T_STANDARD_TARGET,
+ target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
t = ip6t_get_target((struct ip6t_entry *)fw);
@@ -570,7 +570,7 @@ print_firewall(const struct ip6t_entry *fw,
if (!(format & FMT_NOTARGET))
printf(FMT("%-9s ", "%s "), targname);
- fputc(fw->ipv6.invflags & IP6T_INV_PROTO ? '!' : ' ', stdout);
+ fputc(fw->ipv6.invflags & XT_INV_PROTO ? '!' : ' ', stdout);
{
const char *pname = proto_to_name(fw->ipv6.proto, format&FMT_NUMERIC);
if (pname)
@@ -669,7 +669,7 @@ static void
print_firewall_line(const struct ip6t_entry *fw,
struct xtc_handle *const h)
{
- struct ip6t_entry_target *t;
+ struct xt_entry_target *t;
t = ip6t_get_target((struct ip6t_entry *)fw);
print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);
@@ -766,10 +766,10 @@ make_delete_mask(const struct xtables_rule_match *matches,
size = sizeof(struct ip6t_entry);
for (matchp = matches; matchp; matchp = matchp->next)
- size += XT_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size;
+ size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
mask = xtables_calloc(1, size
- + XT_ALIGN(sizeof(struct ip6t_entry_target))
+ + XT_ALIGN(sizeof(struct xt_entry_target))
+ target->size);
memset(mask, 0xFF, sizeof(struct ip6t_entry));
@@ -777,13 +777,13 @@ make_delete_mask(const struct xtables_rule_match *matches,
for (matchp = matches; matchp; matchp = matchp->next) {
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ip6t_entry_match))
+ XT_ALIGN(sizeof(struct xt_entry_match))
+ matchp->match->userspacesize);
- mptr += XT_ALIGN(sizeof(struct ip6t_entry_match)) + matchp->match->size;
+ mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
}
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ip6t_entry_target))
+ XT_ALIGN(sizeof(struct xt_entry_target))
+ target->userspacesize);
return mask;
@@ -1033,7 +1033,7 @@ static void print_proto(uint16_t proto, int invert)
}
}
-static int print_match_save(const struct ip6t_entry_match *e,
+static int print_match_save(const struct xt_entry_match *e,
const struct ip6t_ip6 *ip)
{
const struct xtables_match *match =
@@ -1082,7 +1082,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
void print_rule6(const struct ip6t_entry *e,
struct xtc_handle *h, const char *chain, int counters)
{
- const struct ip6t_entry_target *t;
+ const struct xt_entry_target *t;
const char *target_name;
/* print counters for iptables-save */
@@ -1105,7 +1105,7 @@ void print_rule6(const struct ip6t_entry *e,
print_iface('o', e->ipv6.outiface, e->ipv6.outiface_mask,
e->ipv6.invflags & IP6T_INV_VIA_OUT);
- print_proto(e->ipv6.proto, e->ipv6.invflags & IP6T_INV_PROTO);
+ print_proto(e->ipv6.proto, e->ipv6.invflags & XT_INV_PROTO);
#if 0
/* not definied in ipv6
@@ -1153,11 +1153,11 @@ void print_rule6(const struct ip6t_entry *e,
if (target->save)
target->save(&e->ipv6, t);
else {
- /* If the target size is greater than ip6t_entry_target
+ /* If the target size is greater than xt_entry_target
* there is something to be saved, we just don't know
* how to print it */
if (t->u.target_size !=
- sizeof(struct ip6t_entry_target)) {
+ sizeof(struct xt_entry_target)) {
fprintf(stderr, "Target `%s' is missing "
"save function\n",
t->u.user.name);
@@ -1187,7 +1187,7 @@ list_rules(const xt_chainlabel chain, int rulenum, int counters,
continue;
if (ip6tc_builtin(this, handle)) {
- struct ip6t_counters count;
+ struct xt_counters count;
printf("-P %s %s", this, ip6tc_get_policy(this, &count, handle));
if (counters)
printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
@@ -1224,7 +1224,7 @@ list_rules(const xt_chainlabel chain, int rulenum, int counters,
static struct ip6t_entry *
generate_entry(const struct ip6t_entry *fw,
struct xtables_rule_match *matches,
- struct ip6t_entry_target *target)
+ struct xt_entry_target *target)
{
unsigned int size;
struct xtables_rule_match *matchp;
@@ -1282,7 +1282,7 @@ static void command_jump(struct iptables_command_state *cs)
if (cs->target == NULL)
return;
- size = XT_ALIGN(sizeof(struct ip6t_entry_target)) + cs->target->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_target)) + cs->target->size;
cs->target->t = xtables_calloc(1, size);
cs->target->t->u.target_size = size;
@@ -1311,7 +1311,7 @@ static void command_match(struct iptables_command_state *cs)
"unexpected ! flag before --match");
m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches);
- size = XT_ALIGN(sizeof(struct ip6t_entry_match)) + m->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
strcpy(m->m->u.user.name, m->name);
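Review bot: The `strcpy` into `m->m->u.user.name` on the last line is unbounded, so it relies on every extension's `name` fitting the fixed-size name field of `struct xt_entry_match`. Extension registration may already enforce that length, but nothing in this hunk shows it. A bounded copy keeps the limit next to the write: `snprintf(m->m->u.user.name, sizeof(m->m->u.user.name), "%s", m->name);`. The identical line is in command_match in iptables.c. command_match starts and ends outside this hunk.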
@@ -1548,12 +1548,12 @@ int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle
cs.fw6.ipv6.flags |= IP6T_F_PROTO;
if (cs.fw6.ipv6.proto == 0
- && (cs.fw6.ipv6.invflags & IP6T_INV_PROTO))
+ && (cs.fw6.ipv6.invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
if (is_exthdr(cs.fw6.ipv6.proto)
- && (cs.fw6.ipv6.invflags & IP6T_INV_PROTO) == 0)
+ && (cs.fw6.ipv6.invflags & XT_INV_PROTO) == 0)
fprintf(stderr,
"Warning: never matched protocol: %s. "
"use extension match instead.\n",
@@ -1824,10 +1824,10 @@ int do_command6(int argc, char *argv[], char **table, struct xtc_handle **handle
|| ip6tc_is_chain(cs.jumpto, *handle))) {
size_t size;
- cs.target = xtables_find_target(IP6T_STANDARD_TARGET,
+ cs.target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
- size = sizeof(struct ip6t_entry_target)
+ size = sizeof(struct xt_entry_target)
+ cs.target->size;
cs.target->t = xtables_calloc(1, size);
cs.target->t->u.target_size = size;
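Review bot: The standard-target size is computed as `sizeof(struct xt_entry_target) + cs.target->size` without `XT_ALIGN`, while command_jump in the same file uses `XT_ALIGN(sizeof(struct xt_entry_target)) + cs->target->size` for the same kind of allocation. If the struct size is already a multiple of the alignment the result is identical, but the value is also stored in `u.target_size`, so the two paths should compute it the same way. Suggested: `size = XT_ALIGN(sizeof(struct xt_entry_target)) + cs.target->size;`. The do_command4 hunk in iptables.c has the same expression. do_command6 starts and ends outside this hunk.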
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index 7152d750..001da734 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -76,7 +76,7 @@ static struct xtc_handle *create_handle(const char *tablename)
return handle;
}
-static int parse_counters(char *string, struct ipt_counters *ctr)
+static int parse_counters(char *string, struct xt_counters *ctr)
{
unsigned long long pcnt, bcnt;
int ret;
@@ -119,7 +119,7 @@ iptables_restore_main(int argc, char *argv[])
struct xtc_handle *handle = NULL;
char buffer[10240];
int c;
- char curtable[IPT_TABLE_MAXNAMELEN + 1];
+ char curtable[XT_TABLE_MAXNAMELEN + 1];
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
@@ -217,8 +217,8 @@ iptables_restore_main(int argc, char *argv[])
prog_name, line);
exit(1);
}
- strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
- curtable[IPT_TABLE_MAXNAMELEN] = '\0';
+ strncpy(curtable, table, XT_TABLE_MAXNAMELEN);
+ curtable[XT_TABLE_MAXNAMELEN] = '\0';
if (tablename && (strcmp(tablename, table) != 0))
continue;
@@ -288,7 +288,7 @@ iptables_restore_main(int argc, char *argv[])
}
if (strcmp(policy, "-") != 0) {
- struct ipt_counters count;
+ struct xt_counters count;
if (counters) {
char *ctrs;
@@ -300,8 +300,7 @@ iptables_restore_main(int argc, char *argv[])
"for chain '%s'\n", chain);
} else {
- memset(&count, 0,
- sizeof(struct ipt_counters));
+ memset(&count, 0, sizeof(count));
}
DEBUGP("Setting policy of chain %s to %s\n",
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index ff42f884..e599fcec 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -36,7 +36,7 @@ static int for_each_table(int (*func)(const char *tablename))
{
int ret = 1;
FILE *procfile = NULL;
- char tablename[IPT_TABLE_MAXNAMELEN+1];
+ char tablename[XT_TABLE_MAXNAMELEN+1];
procfile = fopen("/proc/net/ip_tables_names", "re");
if (!procfile)
@@ -87,7 +87,7 @@ static int do_output(const char *tablename)
printf(":%s ", chain);
if (iptc_builtin(chain, h)) {
- struct ipt_counters count;
+ struct xt_counters count;
printf("%s ",
iptc_get_policy(chain, &count, h));
printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c
index 4ecddcb7..4b12bd46 100644
--- a/iptables/iptables-xml.c
+++ b/iptables/iptables-xml.c
@@ -56,7 +56,7 @@ print_usage(const char *name, const char *version)
}
static int
-parse_counters(char *string, struct ipt_counters *ctr)
+parse_counters(char *string, struct xt_counters *ctr)
{
__u64 *pcnt, *bcnt;
@@ -81,16 +81,16 @@ static unsigned int oldargc = 0;
/* arg meta data, were they quoted, frinstance */
static int newargvattr[255];
-#define IPT_CHAIN_MAXNAMELEN IPT_TABLE_MAXNAMELEN
-static char closeActionTag[IPT_TABLE_MAXNAMELEN + 1];
-static char closeRuleTag[IPT_TABLE_MAXNAMELEN + 1];
-static char curTable[IPT_TABLE_MAXNAMELEN + 1];
-static char curChain[IPT_CHAIN_MAXNAMELEN + 1];
+#define XT_CHAIN_MAXNAMELEN XT_TABLE_MAXNAMELEN
+static char closeActionTag[XT_TABLE_MAXNAMELEN + 1];
+static char closeRuleTag[XT_TABLE_MAXNAMELEN + 1];
+static char curTable[XT_TABLE_MAXNAMELEN + 1];
+static char curChain[XT_CHAIN_MAXNAMELEN + 1];
struct chain {
char *chain;
char *policy;
- struct ipt_counters count;
+ struct xt_counters count;
int created;
};
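Review bot: `XT_CHAIN_MAXNAMELEN` is a file-local macro, but after the rename it carries the `XT_` prefix of the x_tables headers, so readers will look for it there and a later header definition of the same name would clash. A name without that prefix says it belongs to this file, for example `#define CHAIN_MAXNAMELEN XT_TABLE_MAXNAMELEN`, with `curChain` and the copy in openChain updated to match. A one-line comment such as `/* chain names share the table-name limit */` above the define would also record why the two limits are tied together.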
@@ -233,12 +233,12 @@ closeChain(void)
}
static void
-openChain(char *chain, char *policy, struct ipt_counters *ctr, char close)
+openChain(char *chain, char *policy, struct xt_counters *ctr, char close)
{
closeChain();
- strncpy(curChain, chain, IPT_CHAIN_MAXNAMELEN);
- curChain[IPT_CHAIN_MAXNAMELEN] = '\0';
+ strncpy(curChain, chain, XT_CHAIN_MAXNAMELEN);
+ curChain[XT_CHAIN_MAXNAMELEN] = '\0';
printf(" <chain ");
xmlAttrS("name", curChain);
@@ -287,7 +287,7 @@ needChain(char *chain)
}
static void
-saveChain(char *chain, char *policy, struct ipt_counters *ctr)
+saveChain(char *chain, char *policy, struct xt_counters *ctr)
{
if (nextChain >= maxChains) {
xtables_error(PARAMETER_PROBLEM,
@@ -332,8 +332,8 @@ openTable(char *table)
{
closeTable();
- strncpy(curTable, table, IPT_TABLE_MAXNAMELEN);
- curTable[IPT_TABLE_MAXNAMELEN] = '\0';
+ strncpy(curTable, table, XT_TABLE_MAXNAMELEN);
+ curTable[XT_TABLE_MAXNAMELEN] = '\0';
printf(" <table ");
xmlAttrS("name", curTable);
@@ -592,8 +592,8 @@ do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[])
xmlAttrS("byte-count", bcnt);
printf(">\n");
- strncpy(closeRuleTag, " </rule>\n", IPT_TABLE_MAXNAMELEN);
- closeRuleTag[IPT_TABLE_MAXNAMELEN] = '\0';
+ strncpy(closeRuleTag, " </rule>\n", XT_TABLE_MAXNAMELEN);
+ closeRuleTag[XT_TABLE_MAXNAMELEN] = '\0';
/* no point in writing out condition if there isn't one */
if (argc >= 3 && !isTarget(argv[2])) {
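Review bot: `closeRuleTag` holds a literal XML closing tag, yet the copy is bounded by `XT_TABLE_MAXNAMELEN`, a table-name limit unrelated to the tag text. The literal fits today, but a longer tag would be cut silently and the emitted XML would be malformed. Bounding by the destination is clearer: `snprintf(closeRuleTag, sizeof(closeRuleTag), "%s", " </rule>\n");`. The `closeActionTag` copy in the next hunk has the same shape. do_rule starts and ends outside this hunk.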
@@ -607,8 +607,8 @@ do_rule(char *pcnt, char *bcnt, int argc, char *argv[], int argvattr[])
if (!closeActionTag[0]) {
printf(" <actions>\n");
strncpy(closeActionTag, " </actions>\n",
- IPT_TABLE_MAXNAMELEN);
- closeActionTag[IPT_TABLE_MAXNAMELEN] = '\0';
+ XT_TABLE_MAXNAMELEN);
+ closeActionTag[XT_TABLE_MAXNAMELEN] = '\0';
}
do_rule_part(NULL, NULL, 1, argc, argv, argvattr);
}
@@ -694,7 +694,7 @@ iptables_xml_main(int argc, char *argv[])
} else if ((buffer[0] == ':') && (curTable[0])) {
/* New chain. */
char *policy, *chain;
- struct ipt_counters count;
+ struct xt_counters count;
char *ctrs;
chain = strtok(buffer + 1, " \t\n");
diff --git a/iptables/iptables.c b/iptables/iptables.c
index d4a7ca11..03ac63b8 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -171,7 +171,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
/* -n */ 0,
/* -s */ IPT_INV_SRCIP,
/* -d */ IPT_INV_DSTIP,
-/* -p */ IPT_INV_PROTO,
+/* -p */ XT_INV_PROTO,
/* -j */ 0,
/* -v */ 0,
/* -x */ 0,
@@ -473,7 +473,7 @@ print_num(uint64_t number, unsigned int format)
static void
print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
- struct ipt_counters counters;
+ struct xt_counters counters;
const char *pol = iptc_get_policy(chain, &counters, handle);
printf("Chain %s", chain);
if (pol) {
@@ -521,7 +521,7 @@ print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
static int
-print_match(const struct ipt_entry_match *m,
+print_match(const struct xt_entry_match *m,
const struct ipt_ip *ip,
int numeric)
{
@@ -550,14 +550,14 @@ print_firewall(const struct ipt_entry *fw,
struct xtc_handle *const handle)
{
const struct xtables_target *target = NULL;
- const struct ipt_entry_target *t;
+ const struct xt_entry_target *t;
uint8_t flags;
char buf[BUFSIZ];
if (!iptc_is_chain(targname, handle))
target = xtables_find_target(targname, XTF_TRY_LOAD);
else
- target = xtables_find_target(IPT_STANDARD_TARGET,
+ target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
t = ipt_get_target((struct ipt_entry *)fw);
@@ -574,7 +574,7 @@ print_firewall(const struct ipt_entry *fw,
if (!(format & FMT_NOTARGET))
printf(FMT("%-9s ", "%s "), targname);
- fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout);
+ fputc(fw->ip.invflags & XT_INV_PROTO ? '!' : ' ', stdout);
{
const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);
if (pname)
@@ -671,7 +671,7 @@ static void
print_firewall_line(const struct ipt_entry *fw,
struct xtc_handle *const h)
{
- struct ipt_entry_target *t;
+ struct xt_entry_target *t;
t = ipt_get_target((struct ipt_entry *)fw);
print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);
@@ -768,10 +768,10 @@ make_delete_mask(const struct xtables_rule_match *matches,
size = sizeof(struct ipt_entry);
for (matchp = matches; matchp; matchp = matchp->next)
- size += XT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
mask = xtables_calloc(1, size
- + XT_ALIGN(sizeof(struct ipt_entry_target))
+ + XT_ALIGN(sizeof(struct xt_entry_target))
+ target->size);
memset(mask, 0xFF, sizeof(struct ipt_entry));
@@ -779,13 +779,13 @@ make_delete_mask(const struct xtables_rule_match *matches,
for (matchp = matches; matchp; matchp = matchp->next) {
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ipt_entry_match))
+ XT_ALIGN(sizeof(struct xt_entry_match))
+ matchp->match->userspacesize);
- mptr += XT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
}
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ipt_entry_target))
+ XT_ALIGN(sizeof(struct xt_entry_target))
+ target->userspacesize);
return mask;
@@ -1041,7 +1041,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
}
}
-static int print_match_save(const struct ipt_entry_match *e,
+static int print_match_save(const struct xt_entry_match *e,
const struct ipt_ip *ip)
{
const struct xtables_match *match =
@@ -1099,7 +1099,7 @@ static void print_ip(const char *prefix, uint32_t ip,
void print_rule4(const struct ipt_entry *e,
struct xtc_handle *h, const char *chain, int counters)
{
- const struct ipt_entry_target *t;
+ const struct xt_entry_target *t;
const char *target_name;
/* print counters for iptables-save */
@@ -1122,7 +1122,7 @@ void print_rule4(const struct ipt_entry *e,
print_iface('o', e->ip.outiface, e->ip.outiface_mask,
e->ip.invflags & IPT_INV_VIA_OUT);
- print_proto(e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
+ print_proto(e->ip.proto, e->ip.invflags & XT_INV_PROTO);
if (e->ip.flags & IPT_F_FRAG)
printf("%s -f",
@@ -1161,11 +1161,11 @@ void print_rule4(const struct ipt_entry *e,
if (target->save)
target->save(&e->ip, t);
else {
- /* If the target size is greater than ipt_entry_target
+ /* If the target size is greater than xt_entry_target
* there is something to be saved, we just don't know
* how to print it */
if (t->u.target_size !=
- sizeof(struct ipt_entry_target)) {
+ sizeof(struct xt_entry_target)) {
fprintf(stderr, "Target `%s' is missing "
"save function\n",
t->u.user.name);
@@ -1195,7 +1195,7 @@ list_rules(const xt_chainlabel chain, int rulenum, int counters,
continue;
if (iptc_builtin(this, handle)) {
- struct ipt_counters count;
+ struct xt_counters count;
printf("-P %s %s", this, iptc_get_policy(this, &count, handle));
if (counters)
printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
@@ -1232,7 +1232,7 @@ list_rules(const xt_chainlabel chain, int rulenum, int counters,
static struct ipt_entry *
generate_entry(const struct ipt_entry *fw,
struct xtables_rule_match *matches,
- struct ipt_entry_target *target)
+ struct xt_entry_target *target)
{
unsigned int size;
struct xtables_rule_match *matchp;
@@ -1290,7 +1290,7 @@ static void command_jump(struct iptables_command_state *cs)
if (cs->target == NULL)
return;
- size = XT_ALIGN(sizeof(struct ipt_entry_target))
+ size = XT_ALIGN(sizeof(struct xt_entry_target))
+ cs->target->size;
cs->target->t = xtables_calloc(1, size);
@@ -1321,7 +1321,7 @@ static void command_match(struct iptables_command_state *cs)
"unexpected ! flag before --match");
m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches);
- size = XT_ALIGN(sizeof(struct ipt_entry_match)) + m->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
strcpy(m->m->u.user.name, m->name);
@@ -1559,7 +1559,7 @@ int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle
cs.fw.ip.proto = xtables_parse_protocol(cs.protocol);
if (cs.fw.ip.proto == 0
- && (cs.fw.ip.invflags & IPT_INV_PROTO))
+ && (cs.fw.ip.invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
break;
@@ -1837,10 +1837,10 @@ int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle
|| iptc_is_chain(cs.jumpto, *handle))) {
size_t size;
- cs.target = xtables_find_target(IPT_STANDARD_TARGET,
+ cs.target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
- size = sizeof(struct ipt_entry_target)
+ size = sizeof(struct xt_entry_target)
+ cs.target->size;
cs.target->t = xtables_calloc(1, size);
cs.target->t->u.target_size = size;
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 79da507d..e61c28c8 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -139,7 +139,7 @@ int command_default(struct iptables_command_state *cs,
cs->proto_used = 1;
- size = XT_ALIGN(sizeof(struct ip6t_entry_match)) + m->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index cf292381..c55cbc7d 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -37,23 +37,23 @@ typedef unsigned int socklen_t;
#define HOOK_LOCAL_OUT NF_IP_LOCAL_OUT
#define HOOK_POST_ROUTING NF_IP_POST_ROUTING
-#define STRUCT_ENTRY_TARGET struct ipt_entry_target
+#define STRUCT_ENTRY_TARGET struct xt_entry_target
#define STRUCT_ENTRY struct ipt_entry
-#define STRUCT_ENTRY_MATCH struct ipt_entry_match
+#define STRUCT_ENTRY_MATCH struct xt_entry_match
#define STRUCT_GETINFO struct ipt_getinfo
#define STRUCT_GET_ENTRIES struct ipt_get_entries
-#define STRUCT_COUNTERS struct ipt_counters
-#define STRUCT_COUNTERS_INFO struct ipt_counters_info
-#define STRUCT_STANDARD_TARGET struct ipt_standard_target
+#define STRUCT_COUNTERS struct xt_counters
+#define STRUCT_COUNTERS_INFO struct xt_counters_info
+#define STRUCT_STANDARD_TARGET struct xt_standard_target
#define STRUCT_REPLACE struct ipt_replace
#define ENTRY_ITERATE IPT_ENTRY_ITERATE
-#define TABLE_MAXNAMELEN IPT_TABLE_MAXNAMELEN
-#define FUNCTION_MAXNAMELEN IPT_FUNCTION_MAXNAMELEN
+#define TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define GET_TARGET ipt_get_target
-#define ERROR_TARGET IPT_ERROR_TARGET
+#define ERROR_TARGET XT_ERROR_TARGET
#define NUMHOOKS NF_IP_NUMHOOKS
#define IPT_CHAINLABEL xt_chainlabel
@@ -100,14 +100,14 @@ typedef unsigned int socklen_t;
#define SO_GET_ENTRIES IPT_SO_GET_ENTRIES
#define SO_GET_VERSION IPT_SO_GET_VERSION
-#define STANDARD_TARGET IPT_STANDARD_TARGET
+#define STANDARD_TARGET XT_STANDARD_TARGET
#define LABEL_RETURN IPTC_LABEL_RETURN
#define LABEL_ACCEPT IPTC_LABEL_ACCEPT
#define LABEL_DROP IPTC_LABEL_DROP
#define LABEL_QUEUE IPTC_LABEL_QUEUE
#define ALIGN XT_ALIGN
-#define RETURN IPT_RETURN
+#define RETURN XT_RETURN
#include "libiptc.c"
@@ -160,7 +160,7 @@ dump_entry(struct ipt_entry *e, struct xtc_handle *const handle)
: "UNKNOWN");
else
printf("verdict=%u\n", pos);
- } else if (strcmp(t->u.user.name, IPT_ERROR_TARGET) == 0)
+ } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0)
printf("error=`%s'\n", t->data);
printf("\n");
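Review bot: The error-target branch prints `t->data` with an unbounded `%s`, so the dump trusts the entry blob to contain a NUL inside the error name. A precision keeps the read within the field even for a malformed entry, e.g. `%.*s` with `(int)XT_FUNCTION_MAXNAMELEN` and a `(const char *)` cast on `t->data`. That assumes the error name is the XT_FUNCTION_MAXNAMELEN-sized field, which this hunk does not show, so confirm it against the error-target struct. dump_entry in libip6tc.c has the same line. The function starts and ends outside this hunk.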
@@ -203,7 +203,7 @@ is_same(const STRUCT_ENTRY *a, const STRUCT_ENTRY *b, unsigned char *matchmask)
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IPT_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
- mptr += XT_ALIGN(sizeof(struct ipt_entry_target));
+ mptr += XT_ALIGN(sizeof(struct xt_entry_target));
return mptr;
}
@@ -271,14 +271,14 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
idx = iptcb_entry2index(h, te);
assert(strcmp(GET_TARGET(te)->u.user.name,
- IPT_ERROR_TARGET)
+ XT_ERROR_TARGET)
!= 0);
assert(te != e);
/* Prior node must be error node, or this node. */
assert(t->verdict == iptcb_entry2offset(h, e)+e->next_offset
|| strcmp(GET_TARGET(index2entry(h, idx-1))
- ->u.user.name, IPT_ERROR_TARGET)
+ ->u.user.name, XT_ERROR_TARGET)
== 0);
}
@@ -288,7 +288,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
*was_return = 1;
else
*was_return = 0;
- } else if (strcmp(t->target.u.user.name, IPT_ERROR_TARGET) == 0) {
+ } else if (strcmp(t->target.u.user.name, XT_ERROR_TARGET) == 0) {
assert(t->target.u.target_size
== ALIGN(sizeof(struct ipt_error_target)));
@@ -301,7 +301,7 @@ check_entry(const STRUCT_ENTRY *e, unsigned int *i, unsigned int *off,
else *was_return = 0;
if (*off == user_offset)
- assert(strcmp(t->target.u.user.name, IPT_ERROR_TARGET) == 0);
+ assert(strcmp(t->target.u.user.name, XT_ERROR_TARGET) == 0);
(*off) += e->next_offset;
(*i)++;
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
index 636466f1..9febee30 100644
--- a/libiptc/libip6tc.c
+++ b/libiptc/libip6tc.c
@@ -35,23 +35,23 @@ typedef unsigned int socklen_t;
#define HOOK_LOCAL_OUT NF_IP6_LOCAL_OUT
#define HOOK_POST_ROUTING NF_IP6_POST_ROUTING
-#define STRUCT_ENTRY_TARGET struct ip6t_entry_target
+#define STRUCT_ENTRY_TARGET struct xt_entry_target
#define STRUCT_ENTRY struct ip6t_entry
-#define STRUCT_ENTRY_MATCH struct ip6t_entry_match
+#define STRUCT_ENTRY_MATCH struct xt_entry_match
#define STRUCT_GETINFO struct ip6t_getinfo
#define STRUCT_GET_ENTRIES struct ip6t_get_entries
-#define STRUCT_COUNTERS struct ip6t_counters
-#define STRUCT_COUNTERS_INFO struct ip6t_counters_info
-#define STRUCT_STANDARD_TARGET struct ip6t_standard_target
+#define STRUCT_COUNTERS struct xt_counters
+#define STRUCT_COUNTERS_INFO struct xt_counters_info
+#define STRUCT_STANDARD_TARGET struct xt_standard_target
#define STRUCT_REPLACE struct ip6t_replace
#define ENTRY_ITERATE IP6T_ENTRY_ITERATE
-#define TABLE_MAXNAMELEN IP6T_TABLE_MAXNAMELEN
-#define FUNCTION_MAXNAMELEN IP6T_FUNCTION_MAXNAMELEN
+#define TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define GET_TARGET ip6t_get_target
-#define ERROR_TARGET IP6T_ERROR_TARGET
+#define ERROR_TARGET XT_ERROR_TARGET
#define NUMHOOKS NF_IP6_NUMHOOKS
#define IPT_CHAINLABEL xt_chainlabel
@@ -98,14 +98,14 @@ typedef unsigned int socklen_t;
#define SO_GET_ENTRIES IP6T_SO_GET_ENTRIES
#define SO_GET_VERSION IP6T_SO_GET_VERSION
-#define STANDARD_TARGET IP6T_STANDARD_TARGET
+#define STANDARD_TARGET XT_STANDARD_TARGET
#define LABEL_RETURN IP6TC_LABEL_RETURN
#define LABEL_ACCEPT IP6TC_LABEL_ACCEPT
#define LABEL_DROP IP6TC_LABEL_DROP
#define LABEL_QUEUE IP6TC_LABEL_QUEUE
#define ALIGN XT_ALIGN
-#define RETURN IP6T_RETURN
+#define RETURN XT_RETURN
#include "libiptc.c"
@@ -133,7 +133,7 @@ dump_entry(struct ip6t_entry *e, struct xtc_handle *const handle)
size_t i;
char buf[40];
int len;
- struct ip6t_entry_target *t;
+ struct xt_entry_target *t;
printf("Entry %u (%lu):\n", iptcb_entry2index(handle, e),
iptcb_entry2offset(handle, e));
@@ -182,18 +182,18 @@ dump_entry(struct ip6t_entry *e, struct xtc_handle *const handle)
t = ip6t_get_target(e);
printf("Target name: `%s' [%u]\n", t->u.user.name, t->u.target_size);
- if (strcmp(t->u.user.name, IP6T_STANDARD_TARGET) == 0) {
+ if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
const unsigned char *data = t->data;
int pos = *(const int *)data;
if (pos < 0)
printf("verdict=%s\n",
pos == -NF_ACCEPT-1 ? "NF_ACCEPT"
: pos == -NF_DROP-1 ? "NF_DROP"
- : pos == IP6T_RETURN ? "RETURN"
+ : pos == XT_RETURN ? "RETURN"
: "UNKNOWN");
else
printf("verdict=%u\n", pos);
- } else if (strcmp(t->u.user.name, IP6T_ERROR_TARGET) == 0)
+ } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0)
printf("error=`%s'\n", t->data);
printf("\n");
@@ -238,7 +238,7 @@ is_same(const STRUCT_ENTRY *a, const STRUCT_ENTRY *b,
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IP6T_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
- mptr += XT_ALIGN(sizeof(struct ip6t_entry_target));
+ mptr += XT_ALIGN(sizeof(struct xt_entry_target));
return mptr;
}