Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/Makefile.am | 41 | ||||
-rw-r--r-- | iptables/xtables-arp-standalone.c | 2 | ||||
-rw-r--r-- | iptables/xtables-arp.c | 2 | ||||
-rw-r--r-- | iptables/xtables-compat-multi.c | 39 | ||||
-rw-r--r-- | iptables/xtables-multi.h | 13 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 22 | ||||
-rw-r--r-- | iptables/xtables-save.c | 18 | ||||
-rw-r--r-- | iptables/xtables-standalone.c | 24 |
8 files changed, 123 insertions, 38 deletions
diff --git a/iptables/Makefile.am b/iptables/Makefile.am
index 2c6a163f..41bca7c7 100644
--- a/iptables/Makefile.am
+++ b/iptables/Makefile.am
@@ -25,24 +25,32 @@ endif
 xtables_multi_SOURCES += xshared.c
 xtables_multi_LDADD += ../libxtables/libxtables.la -lm
+# nftables compatibility layer
 if ENABLE_NFTABLES
-if HAVE_LIBMNL
-if HAVE_LIBNFTNL
-xtables_multi_SOURCES += xtables-config-parser.y xtables-config-syntax.l
-xtables_multi_SOURCES += xtables-save.c xtables-restore.c \
- xtables-standalone.c xtables.c nft.c \
- nft-shared.c nft-ipv4.c nft-ipv6.c nft-arp.c \
- xtables-config.c xtables-events.c \
- xtables-arp-standalone.c xtables-arp.c
-xtables_multi_LDADD += ${libmnl_LIBS} ${libnftnl_LIBS}
-xtables_multi_CFLAGS += -DENABLE_NFTABLES
-# yacc and lex generate dirty code
-xtables_multi-xtables-config-parser.o xtables_multi-xtables-config-syntax.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls
-endif
+xtables_compat_multi_SOURCES = xtables-compat-multi.c iptables-xml.c
+xtables_compat_multi_CFLAGS = ${AM_CFLAGS}
+xtables_compat_multi_LDADD = ../extensions/libext.a
+if ENABLE_STATIC
+xtables_compat_multi_CFLAGS += -DALL_INCLUSIVE
 endif
+xtables_compat_multi_CFLAGS += -DENABLE_NFTABLES -DENABLE_IPV4 -DENABLE_IPV6
+xtables_compat_multi_SOURCES += xtables-config-parser.y xtables-config-syntax.l
+xtables_compat_multi_SOURCES += xtables-save.c xtables-restore.c \
+ xtables-standalone.c xtables.c nft.c \
+ nft-shared.c nft-ipv4.c nft-ipv6.c nft-arp.c \
+ xtables-config.c xtables-events.c \
+ xtables-arp-standalone.c xtables-arp.c
+xtables_compat_multi_LDADD += ${libmnl_LIBS} ${libnftnl_LIBS}
+# yacc and lex generate dirty code
+xtables_compat_multi-xtables-config-parser.o xtables_compat_multi-xtables-config-syntax.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls
+xtables_compat_multi_SOURCES += xshared.c
+xtables_compat_multi_LDADD += ../libxtables/libxtables.la -lm
 endif
 sbin_PROGRAMS = xtables-multi
+if ENABLE_NFTABLES
+sbin_PROGRAMS += xtables-compat-multi
+endif
 man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
 iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
 ip6tables-save.8 iptables-extensions.8
@@ -57,8 +65,9 @@ if ENABLE_IPV6
 v6_sbin_links = ip6tables ip6tables-restore ip6tables-save
 endif
 if ENABLE_NFTABLES
-x_sbin_links = xtables xtables-restore xtables-save xtables-config \
- xtables-events xtables-arp
+x_sbin_links = iptables-compat iptables-compat-restore iptables-compat-save \
+ ip6tables-compat ip6tables-compat-restore ip6tables-compat-save \
+ arptables-compat xtables-config xtables-events
 endif
 iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man
@@ -75,4 +84,4 @@ install-exec-hook:
 for i in ${vx_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done;
 for i in ${v4_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
 for i in ${v6_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
- for i in ${x_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
+ for i in ${x_sbin_links}; do ${LN_S} -f xtables-compat-multi "${DESTDIR}${sbindir}/$$i"; done;
diff --git a/iptables/xtables-arp-standalone.c b/iptables/xtables-arp-standalone.c
index 8d4679f1..23b6bcb4 100644
--- a/iptables/xtables-arp-standalone.c
+++ b/iptables/xtables-arp-standalone.c
@@ -62,7 +62,7 @@ int xtables_arp_main(int argc, char *argv[])
 .family = NFPROTO_ARP,
 };
- xtables_globals.program_name = "xtables-arp";
+ xtables_globals.program_name = "arptables";
 /* This code below could be replaced by xtables_init_all, which
 * doesn't support NFPROTO_ARP yet. */
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 298801b3..0c79a387 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
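Review bot: The first Makefile.am hunk drops the `if HAVE_LIBMNL` / `if HAVE_LIBNFTNL` guards, so xtables-compat-multi is built and linked against `${libmnl_LIBS} ${libnftnl_LIBS}` whenever ENABLE_NFTABLES is set. Unless configure already rejects the nftables option when either library is missing (not visible in this diff), the build would then fail at compile or link time instead of skipping the compat layer. Either keep the two conditionals around the new block or record the requirement next to it, e.g. `# ENABLE_NFTABLES implies configure found libmnl and libnftnl`.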
@@ -202,7 +202,7 @@ static int inverse_for_options[NUMBER_OF_OPT] =
 };
 const char *program_version = XTABLES_VERSION;
-const char *program_name = "xtables-arp";
+const char *program_name = "arptables";
 /* A few hardcoded protocols for 'all' and in case the user has no
 /etc/protocols */
diff --git a/iptables/xtables-compat-multi.c b/iptables/xtables-compat-multi.c
new file mode 100644
index 00000000..47810524
--- /dev/null
+++ b/iptables/xtables-compat-multi.c
@@ -0,0 +1,39 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "xshared.h"
+
+#include "xtables-multi.h"
+
+static const struct subcommand multi_subcommands[] = {
+ {"iptables-xml", iptables_xml_main},
+ {"xml", iptables_xml_main},
+ {"iptables", xtables_ip4_main},
+ {"iptables-compat", xtables_ip4_main},
+ {"main4", xtables_ip4_main},
+ {"save4", xtables_ip4_save_main},
+ {"restore4", xtables_ip4_restore_main},
+ {"iptables-save", xtables_ip4_save_main},
+ {"iptables-restore", xtables_ip4_restore_main},
+ {"iptables-compat-save", xtables_ip4_save_main},
+ {"iptables-compat-restore", xtables_ip4_restore_main},
+ {"ip6tables", xtables_ip6_main},
+ {"ip6tables-compat", xtables_ip6_main},
+ {"main6", xtables_ip6_main},
+ {"save6", xtables_ip6_save_main},
+ {"restore6", xtables_ip6_restore_main},
+ {"ip6tables-save", xtables_ip6_save_main},
+ {"ip6tables-restore", xtables_ip6_restore_main},
+ {"ip6tables-compat-save", xtables_ip6_save_main},
+ {"ip6tables-compat-restore", xtables_ip6_restore_main},
+ {"arptables", xtables_arp_main},
+ {"arptables-compat", xtables_arp_main},
+ {"xtables-config", xtables_config_main},
+ {"xtables-events", xtables_events_main},
+ {NULL},
+};
+
+int main(int argc, char **argv)
+{
+ return subcmd_main(argc, argv, multi_subcommands);
+}
diff --git a/iptables/xtables-multi.h b/iptables/xtables-multi.h
index 759e24f0..e706894b 100644
--- a/iptables/xtables-multi.h
+++ b/iptables/xtables-multi.h
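Review bot: multi_subcommands in the new xtables-compat-multi.c registers the un-suffixed names (`iptables`, `iptables-save`, `ip6tables-restore`, `arptables`, ...) next to the `-compat` ones, and nothing in the file says this is deliberate. Makefile.am installs only the `*-compat` links, but a legacy name passed to this binary would presumably still reach the nft-backed entry point; subcmd_main is not shown, so that is inferred. The wrappers in this commit also set program_name to `iptables-save`, `ip6tables`, `arptables` and so on, so error output does not tell an operator which backend touched the ruleset. A comment above the table would make the intent explicit: `/* Legacy names are accepted as aliases; every entry here drives the nf_tables backend, not x_tables. */`.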
@@ -2,11 +2,16 @@
 #define _XTABLES_MULTI_H 1
 extern int iptables_xml_main(int, char **);
-extern int xtables_main(int, char **);
-extern int xtables_save_main(int, char **);
-extern int xtables_restore_main(int, char **);
+#ifdef ENABLE_NFTABLES
+extern int xtables_ip4_main(int, char **);
+extern int xtables_ip4_save_main(int, char **);
+extern int xtables_ip4_restore_main(int, char **);
+extern int xtables_ip6_main(int, char **);
+extern int xtables_ip6_save_main(int, char **);
+extern int xtables_ip6_restore_main(int, char **);
+extern int xtables_arp_main(int, char **);
 extern int xtables_config_main(int, char **);
 extern int xtables_events_main(int, char **);
-extern int xtables_arp_main(int, char **);
+#endif
 #endif /* _XTABLES_MULTI_H */
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 230894cd..c4af2c5d 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -165,11 +165,11 @@ static const struct xtc_ops xtc_ops = {
 .strerror = nft_strerror,
 };
-int
-xtables_restore_main(int argc, char *argv[])
+static int
+xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 {
 struct nft_handle h = {
- .family = AF_INET, /* default to IPv4 */
+ .family = family,
 };
 char buffer[10240];
 int c;
@@ -183,8 +183,8 @@ xtables_restore_main(int argc, char *argv[])
 line = 0;
- xtables_globals.program_name = "xtables-restore";
- c = xtables_init_all(&xtables_globals, NFPROTO_IPV4);
+ xtables_globals.program_name = progname;
+ c = xtables_init_all(&xtables_globals, family);
 if (c < 0) {
 fprintf(stderr, "%s/%s Failed to initialize xtables\n",
 xtables_globals.program_name,
@@ -472,3 +472,15 @@ xtables_restore_main(int argc, char *argv[])
 fclose(in);
 return 0;
 }
+
+int xtables_ip4_restore_main(int argc, char *argv[])
+{
+ return xtables_restore_main(NFPROTO_IPV4, "iptables-restore",
+ argc, argv);
+}
+
+int xtables_ip6_restore_main(int argc, char *argv[])
+{
+ return xtables_restore_main(NFPROTO_IPV6, "ip6tables-restore",
+ argc, argv);
+}
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 77eab149..93065cfc 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -74,17 +74,17 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 * :Chain name POLICY packets bytes
 * rule
 */
-int
-xtables_save_main(int argc, char *argv[])
+static int
+xtables_save_main(int family, const char *progname, int argc, char *argv[])
 {
 const char *tablename = NULL;
 bool dump = false;
 struct nft_handle h = {
- .family = AF_INET, /* default to AF_INET */
+ .family = family,
 };
 int c;
- xtables_globals.program_name = "xtables-save";
+ xtables_globals.program_name = progname;
 /* XXX xtables_init_all does several things we don't want */
 c = xtables_init_all(&xtables_globals, NFPROTO_IPV4);
 if (c < 0) {
@@ -143,3 +143,13 @@ xtables_save_main(int argc, char *argv[])
 return !do_output(&h, tablename, show_counters);
 }
+
+int xtables_ip4_save_main(int argc, char *argv[])
+{
+ return xtables_save_main(NFPROTO_IPV4, "iptables-save", argc, argv);
+}
+
+int xtables_ip6_save_main(int argc, char *argv[])
+{
+ return xtables_save_main(NFPROTO_IPV6, "ip6tables-save", argc, argv);
+}
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index c9f8e15a..eb139805 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
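Review bot: xtables_save_main() now takes `family`, but the context line `c = xtables_init_all(&xtables_globals, NFPROTO_IPV4);` in the @@ -74,17 hunk of xtables-save.c stays hard-coded, unlike the matching calls in xtables-restore.c and xtables-standalone.c, which this commit switches to `family`. xtables_ip6_save_main() therefore sets `h.family` to NFPROTO_IPV6 while initialising libxtables for IPv4, so an IPv6 dump may be produced with the wrong extension set loaded. That matters when the saved ruleset is used for firewall backup or audit. Change the call to `c = xtables_init_all(&xtables_globals, family);`. The body of xtables_save_main() continues outside the hunk.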
@@ -39,17 +39,17 @@
 #include "xtables-multi.h"
 #include "nft.h"
-int
-xtables_main(int argc, char *argv[])
+static int
+xtables_main(int family, const char *progname, int argc, char *argv[])
 {
 int ret;
 char *table = "filter";
- struct nft_handle h;
+ struct nft_handle h = {
+ .family = family,
+ };
- memset(&h, 0, sizeof(h));
-
- xtables_globals.program_name = "xtables";
- ret = xtables_init_all(&xtables_globals, NFPROTO_IPV4);
+ xtables_globals.program_name = progname;
+ ret = xtables_init_all(&xtables_globals, family);
 if (ret < 0) {
 fprintf(stderr, "%s/%s Failed to initialize xtables\n",
 xtables_globals.program_name,
@@ -92,3 +92,13 @@ xtables_main(int argc, char *argv[])
 exit(!ret);
 }
+
+int xtables_ip4_main(int argc, char *argv[])
+{
+ return xtables_main(NFPROTO_IPV4, "iptables", argc, argv);
+}
+
+int xtables_ip6_main(int argc, char *argv[])
+{
+ return xtables_main(NFPROTO_IPV6, "ip6tables", argc, argv);
+}
|
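Review bot: xtables_ip4_main() and xtables_ip6_main() are written as `return xtables_main(...)`, but the last statement of xtables_main() shown in the @@ -92,3 hunk is `exit(!ret);`, so on that path the helper never returns and the wrappers' return value is never produced. The save and restore helpers in this commit do return their status, so the three entry points now behave differently under subcmd_main. Either end the helper with `return !ret;`, if nothing relies on the immediate exit, or document it above the now-static function: `/* Does not return: exits with the command status. */`. Most of xtables_main() lies outside the two hunks.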