summaryrefslogtreecommitdiffstats
path: root/iptables/iptables.c
diff options
context:
space:
mode:
Diffstat (limited to 'iptables/iptables.c')
-rw-r--r--iptables/iptables.c110
1 files changed, 55 insertions, 55 deletions
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 830ddbcb..03ac63b8 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -171,7 +171,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
/* -n */ 0,
/* -s */ IPT_INV_SRCIP,
/* -d */ IPT_INV_DSTIP,
-/* -p */ IPT_INV_PROTO,
+/* -p */ XT_INV_PROTO,
/* -j */ 0,
/* -v */ 0,
/* -x */ 0,
@@ -471,9 +471,9 @@ print_num(uint64_t number, unsigned int format)
static void
-print_header(unsigned int format, const char *chain, struct iptc_handle *handle)
+print_header(unsigned int format, const char *chain, struct xtc_handle *handle)
{
- struct ipt_counters counters;
+ struct xt_counters counters;
const char *pol = iptc_get_policy(chain, &counters, handle);
printf("Chain %s", chain);
if (pol) {
@@ -521,7 +521,7 @@ print_header(unsigned int format, const char *chain, struct iptc_handle *handle)
static int
-print_match(const struct ipt_entry_match *m,
+print_match(const struct xt_entry_match *m,
const struct ipt_ip *ip,
int numeric)
{
@@ -547,17 +547,17 @@ print_firewall(const struct ipt_entry *fw,
const char *targname,
unsigned int num,
unsigned int format,
- struct iptc_handle *const handle)
+ struct xtc_handle *const handle)
{
const struct xtables_target *target = NULL;
- const struct ipt_entry_target *t;
+ const struct xt_entry_target *t;
uint8_t flags;
char buf[BUFSIZ];
if (!iptc_is_chain(targname, handle))
target = xtables_find_target(targname, XTF_TRY_LOAD);
else
- target = xtables_find_target(IPT_STANDARD_TARGET,
+ target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
t = ipt_get_target((struct ipt_entry *)fw);
@@ -574,7 +574,7 @@ print_firewall(const struct ipt_entry *fw,
if (!(format & FMT_NOTARGET))
printf(FMT("%-9s ", "%s "), targname);
- fputc(fw->ip.invflags & IPT_INV_PROTO ? '!' : ' ', stdout);
+ fputc(fw->ip.invflags & XT_INV_PROTO ? '!' : ' ', stdout);
{
const char *pname = proto_to_name(fw->ip.proto, format&FMT_NUMERIC);
if (pname)
@@ -669,16 +669,16 @@ print_firewall(const struct ipt_entry *fw,
static void
print_firewall_line(const struct ipt_entry *fw,
- struct iptc_handle *const h)
+ struct xtc_handle *const h)
{
- struct ipt_entry_target *t;
+ struct xt_entry_target *t;
t = ipt_get_target((struct ipt_entry *)fw);
print_firewall(fw, t->u.user.name, 0, FMT_PRINT_RULE, h);
}
static int
-append_entry(const ipt_chainlabel chain,
+append_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int nsaddrs,
const struct in_addr saddrs[],
@@ -687,7 +687,7 @@ append_entry(const ipt_chainlabel chain,
const struct in_addr daddrs[],
const struct in_addr dmasks[],
int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -708,13 +708,13 @@ append_entry(const ipt_chainlabel chain,
}
static int
-replace_entry(const ipt_chainlabel chain,
+replace_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int rulenum,
const struct in_addr *saddr, const struct in_addr *smask,
const struct in_addr *daddr, const struct in_addr *dmask,
int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
fw->ip.src.s_addr = saddr->s_addr;
fw->ip.dst.s_addr = daddr->s_addr;
@@ -727,7 +727,7 @@ replace_entry(const ipt_chainlabel chain,
}
static int
-insert_entry(const ipt_chainlabel chain,
+insert_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int rulenum,
unsigned int nsaddrs,
@@ -737,7 +737,7 @@ insert_entry(const ipt_chainlabel chain,
const struct in_addr daddrs[],
const struct in_addr dmasks[],
int verbose,
- struct iptc_handle *handle)
+ struct xtc_handle *handle)
{
unsigned int i, j;
int ret = 1;
@@ -768,10 +768,10 @@ make_delete_mask(const struct xtables_rule_match *matches,
size = sizeof(struct ipt_entry);
for (matchp = matches; matchp; matchp = matchp->next)
- size += XT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
mask = xtables_calloc(1, size
- + XT_ALIGN(sizeof(struct ipt_entry_target))
+ + XT_ALIGN(sizeof(struct xt_entry_target))
+ target->size);
memset(mask, 0xFF, sizeof(struct ipt_entry));
@@ -779,20 +779,20 @@ make_delete_mask(const struct xtables_rule_match *matches,
for (matchp = matches; matchp; matchp = matchp->next) {
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ipt_entry_match))
+ XT_ALIGN(sizeof(struct xt_entry_match))
+ matchp->match->userspacesize);
- mptr += XT_ALIGN(sizeof(struct ipt_entry_match)) + matchp->match->size;
+ mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
}
memset(mptr, 0xFF,
- XT_ALIGN(sizeof(struct ipt_entry_target))
+ XT_ALIGN(sizeof(struct xt_entry_target))
+ target->userspacesize);
return mask;
}
static int
-delete_entry(const ipt_chainlabel chain,
+delete_entry(const xt_chainlabel chain,
struct ipt_entry *fw,
unsigned int nsaddrs,
const struct in_addr saddrs[],
@@ -801,7 +801,7 @@ delete_entry(const ipt_chainlabel chain,
const struct in_addr daddrs[],
const struct in_addr dmasks[],
int verbose,
- struct iptc_handle *handle,
+ struct xtc_handle *handle,
struct xtables_rule_match *matches,
const struct xtables_target *target)
{
@@ -827,11 +827,11 @@ delete_entry(const ipt_chainlabel chain,
}
static int
-check_entry(const ipt_chainlabel chain, struct ipt_entry *fw,
+check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
unsigned int nsaddrs, const struct in_addr *saddrs,
const struct in_addr *smasks, unsigned int ndaddrs,
const struct in_addr *daddrs, const struct in_addr *dmasks,
- bool verbose, struct iptc_handle *handle,
+ bool verbose, struct xtc_handle *handle,
struct xtables_rule_match *matches,
const struct xtables_target *target)
{
@@ -857,8 +857,8 @@ check_entry(const ipt_chainlabel chain, struct ipt_entry *fw,
}
int
-for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
- int verbose, int builtinstoo, struct iptc_handle *handle)
+for_each_chain4(int (*fn)(const xt_chainlabel, int, struct xtc_handle *),
+ int verbose, int builtinstoo, struct xtc_handle *handle)
{
int ret = 1;
const char *chain;
@@ -871,21 +871,21 @@ for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
chain = iptc_next_chain(handle);
}
- chains = xtables_malloc(sizeof(ipt_chainlabel) * chaincount);
+ chains = xtables_malloc(sizeof(xt_chainlabel) * chaincount);
i = 0;
chain = iptc_first_chain(handle);
while (chain) {
- strcpy(chains + i*sizeof(ipt_chainlabel), chain);
+ strcpy(chains + i*sizeof(xt_chainlabel), chain);
i++;
chain = iptc_next_chain(handle);
}
for (i = 0; i < chaincount; i++) {
if (!builtinstoo
- && iptc_builtin(chains + i*sizeof(ipt_chainlabel),
+ && iptc_builtin(chains + i*sizeof(xt_chainlabel),
handle) == 1)
continue;
- ret &= fn(chains + i*sizeof(ipt_chainlabel), verbose, handle);
+ ret &= fn(chains + i*sizeof(xt_chainlabel), verbose, handle);
}
free(chains);
@@ -893,8 +893,8 @@ for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *),
}
int
-flush_entries4(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+flush_entries4(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
{
if (!chain)
return for_each_chain4(flush_entries4, verbose, 1, handle);
@@ -905,8 +905,8 @@ flush_entries4(const ipt_chainlabel chain, int verbose,
}
static int
-zero_entries(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+zero_entries(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
{
if (!chain)
return for_each_chain4(zero_entries, verbose, 1, handle);
@@ -917,8 +917,8 @@ zero_entries(const ipt_chainlabel chain, int verbose,
}
int
-delete_chain4(const ipt_chainlabel chain, int verbose,
- struct iptc_handle *handle)
+delete_chain4(const xt_chainlabel chain, int verbose,
+ struct xtc_handle *handle)
{
if (!chain)
return for_each_chain4(delete_chain4, verbose, 0, handle);
@@ -929,8 +929,8 @@ delete_chain4(const ipt_chainlabel chain, int verbose,
}
static int
-list_entries(const ipt_chainlabel chain, int rulenum, int verbose, int numeric,
- int expanded, int linenumbers, struct iptc_handle *handle)
+list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
+ int expanded, int linenumbers, struct xtc_handle *handle)
{
int found = 0;
unsigned int format;
@@ -1041,7 +1041,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
}
}
-static int print_match_save(const struct ipt_entry_match *e,
+static int print_match_save(const struct xt_entry_match *e,
const struct ipt_ip *ip)
{
const struct xtables_match *match =
@@ -1097,9 +1097,9 @@ static void print_ip(const char *prefix, uint32_t ip,
/* We want this to be readable, so only print out neccessary fields.
* Because that's the kind of world I want to live in. */
void print_rule4(const struct ipt_entry *e,
- struct iptc_handle *h, const char *chain, int counters)
+ struct xtc_handle *h, const char *chain, int counters)
{
- const struct ipt_entry_target *t;
+ const struct xt_entry_target *t;
const char *target_name;
/* print counters for iptables-save */
@@ -1122,7 +1122,7 @@ void print_rule4(const struct ipt_entry *e,
print_iface('o', e->ip.outiface, e->ip.outiface_mask,
e->ip.invflags & IPT_INV_VIA_OUT);
- print_proto(e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
+ print_proto(e->ip.proto, e->ip.invflags & XT_INV_PROTO);
if (e->ip.flags & IPT_F_FRAG)
printf("%s -f",
@@ -1161,11 +1161,11 @@ void print_rule4(const struct ipt_entry *e,
if (target->save)
target->save(&e->ip, t);
else {
- /* If the target size is greater than ipt_entry_target
+ /* If the target size is greater than xt_entry_target
* there is something to be saved, we just don't know
* how to print it */
if (t->u.target_size !=
- sizeof(struct ipt_entry_target)) {
+ sizeof(struct xt_entry_target)) {
fprintf(stderr, "Target `%s' is missing "
"save function\n",
t->u.user.name);
@@ -1177,8 +1177,8 @@ void print_rule4(const struct ipt_entry *e,
}
static int
-list_rules(const ipt_chainlabel chain, int rulenum, int counters,
- struct iptc_handle *handle)
+list_rules(const xt_chainlabel chain, int rulenum, int counters,
+ struct xtc_handle *handle)
{
const char *this = NULL;
int found = 0;
@@ -1195,7 +1195,7 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters,
continue;
if (iptc_builtin(this, handle)) {
- struct ipt_counters count;
+ struct xt_counters count;
printf("-P %s %s", this, iptc_get_policy(this, &count, handle));
if (counters)
printf(" -c %llu %llu", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);
@@ -1232,7 +1232,7 @@ list_rules(const ipt_chainlabel chain, int rulenum, int counters,
static struct ipt_entry *
generate_entry(const struct ipt_entry *fw,
struct xtables_rule_match *matches,
- struct ipt_entry_target *target)
+ struct xt_entry_target *target)
{
unsigned int size;
struct xtables_rule_match *matchp;
@@ -1290,7 +1290,7 @@ static void command_jump(struct iptables_command_state *cs)
if (cs->target == NULL)
return;
- size = XT_ALIGN(sizeof(struct ipt_entry_target))
+ size = XT_ALIGN(sizeof(struct xt_entry_target))
+ cs->target->size;
cs->target->t = xtables_calloc(1, size);
@@ -1321,7 +1321,7 @@ static void command_match(struct iptables_command_state *cs)
"unexpected ! flag before --match");
m = xtables_find_match(optarg, XTF_LOAD_MUST_SUCCEED, &cs->matches);
- size = XT_ALIGN(sizeof(struct ipt_entry_match)) + m->size;
+ size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
strcpy(m->m->u.user.name, m->name);
@@ -1340,7 +1340,7 @@ static void command_match(struct iptables_command_state *cs)
xtables_error(OTHER_PROBLEM, "can't alloc memory!");
}
-int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handle)
+int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle)
{
struct iptables_command_state cs;
struct ipt_entry *e = NULL;
@@ -1559,7 +1559,7 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
cs.fw.ip.proto = xtables_parse_protocol(cs.protocol);
if (cs.fw.ip.proto == 0
- && (cs.fw.ip.invflags & IPT_INV_PROTO))
+ && (cs.fw.ip.invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
break;
@@ -1837,10 +1837,10 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
|| iptc_is_chain(cs.jumpto, *handle))) {
size_t size;
- cs.target = xtables_find_target(IPT_STANDARD_TARGET,
+ cs.target = xtables_find_target(XT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
- size = sizeof(struct ipt_entry_target)
+ size = sizeof(struct xt_entry_target)
+ cs.target->size;
cs.target->t = xtables_calloc(1, size);
cs.target->t->u.target_size = size;