From 3af739b0e7c3b6dcc986645c57c982d0add5006b Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Thu, 10 Feb 2011 16:57:37 +0100
Subject: libxtables: provide better final_check

This passes the per-extension data block to the new x6_fcheck function pointer, which can then do last alterations without using hacks like global variables (think libxt_statistic).

Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 15 +++++++++++++++
 ip6tables.c | 18 ++++--------------
 iptables.c | 18 ++++--------------
 xtoptions.c | 40 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 63 insertions(+), 28 deletions(-)

diff --git a/include/xtables.h.in b/include/xtables.h.in
index 928f465c..c281fed7 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -103,6 +103,17 @@ struct xt_option_call {
 } val;
 };
+/**
+ * @ext_name: name of extension currently being processed
+ * @data: per-extension data block
+ * @xflags: options of the extension that have been used
+ */
+struct xt_fcheck_call {
+ const char *ext_name;
+ void *data;
+ unsigned int xflags;
+};
+
 /* Include file for additions: new matches and targets. */
 struct xtables_match
 {
@@ -157,6 +168,7 @@ struct xtables_match
 /* New parser */
 void (*x6_parse)(struct xt_option_call *);
+ void (*x6_fcheck)(struct xt_fcheck_call *);
 const struct xt_option_entry *x6_options;
 /* Ignore these men behind the curtain: */
@@ -220,6 +232,7 @@ struct xtables_target
 /* New parser */
 void (*x6_parse)(struct xt_option_call *);
+ void (*x6_fcheck)(struct xt_fcheck_call *);
 const struct xt_option_entry *x6_options;
 /* Ignore these men behind the curtain: */
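Review bot: The `@data` line in the comment above the new `struct xt_fcheck_call` does not say whose memory the pointer refers to or how large it is, while the callback receives it as a writable `void *` with no length. The xtoptions.c hunk assigns it from `t->t->data` / `m->m->data`, so I would spell that out, e.g. `@data: per-extension data block (payload of the match/target entry; the size is not passed, so the callback must stay within its own structure)`. A one-line summary naming the struct, such as `struct xt_fcheck_call - arguments passed to the x6_fcheck callback`, would also help readers of the header.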
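Review bot: `x6_fcheck` is inserted between `x6_parse` and `x6_options` in `struct xtables_match`, and in the same position in the `struct xtables_target` hunk at -220, so every member from `x6_options` onward moves by one pointer. An extension built against the previous header would presumably have its `x6_options` pointer read in the `x6_fcheck` slot and called as a function, so the change needs an ABI version bump, which is not visible in this patch; if none is pending, add it to this commit or state in the description why it is unnecessary. Both struct bodies start and end outside their hunks.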
@@ -380,6 +393,8 @@ extern void xtables_option_tpcall(unsigned int, char **, bool, struct xtables_target *, void *);
 extern void xtables_option_mpcall(unsigned int, char **, bool, struct xtables_match *, void *);
+extern void xtables_option_tfcall(struct xtables_target *);
+extern void xtables_option_mfcall(struct xtables_match *);
 extern void xtables_options_fcheck(const char *, unsigned int, const struct xt_option_entry *);
diff --git a/ip6tables.c b/ip6tables.c
index 83d2fae1..3beeddf6 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1782,20 +1782,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 cs.invert = FALSE;
 }
- for (matchp = cs.matches; matchp; matchp = matchp->next) {
- if (matchp->match->x6_options != NULL)
- xtables_options_fcheck(matchp->match->name,
- matchp->match->mflags,
- matchp->match->x6_options);
- if (matchp->match->final_check != NULL)
- matchp->match->final_check(matchp->match->mflags);
- }
-
- if (cs.target != NULL && cs.target->x6_options != NULL)
- xtables_options_fcheck(cs.target->name, cs.target->tflags,
- cs.target->x6_options);
- if (cs.target != NULL && cs.target->final_check != NULL)
- cs.target->final_check(cs.target->tflags);
+ for (matchp = cs.matches; matchp; matchp = matchp->next)
+ xtables_option_mfcall(matchp->match);
+ if (cs.target != NULL)
+ xtables_option_tfcall(cs.target);
 /* Fix me: must put inverse options checking here --MN */
diff --git a/iptables.c b/iptables.c
index 269a66fb..2c1528ea 100644
--- a/iptables.c
+++ b/iptables.c
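Review bot: In the do_command6 hunk the two checks no longer run in the order the removed lines had: those called `xtables_options_fcheck()` first and the extension's `final_check` second, whereas `xtables_option_mfcall()` / `xtables_option_tfcall()` (xtoptions.c hunk) invoke `x6_fcheck` or `final_check` first and the option-table check afterwards. A callback that relied on the option-table check having passed now runs on input that check has not yet seen, and the description does not mention the reordering. If the new order is intended, say so at the call site, e.g. `/* extension final check runs before the x6_options table check */`; otherwise move the `xtables_options_fcheck()` call ahead of the dispatch in both helpers. The do_command hunk in iptables.c carries the same change, and both functions continue outside their hunks.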
@@ -1816,20 +1816,10 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 "\nThe \"nat\" table is not intended for filtering, "
 "the use of DROP is therefore inhibited.\n\n");
- for (matchp = cs.matches; matchp; matchp = matchp->next) {
- if (matchp->match->x6_options != NULL)
- xtables_options_fcheck(matchp->match->name,
- matchp->match->mflags,
- matchp->match->x6_options);
- if (matchp->match->final_check != NULL)
- matchp->match->final_check(matchp->match->mflags);
- }
-
- if (cs.target != NULL && cs.target->x6_options != NULL)
- xtables_options_fcheck(cs.target->name, cs.target->tflags,
- cs.target->x6_options);
- if (cs.target != NULL && cs.target->final_check != NULL)
- cs.target->final_check(cs.target->tflags);
+ for (matchp = cs.matches; matchp; matchp = matchp->next)
+ xtables_option_mfcall(matchp->match);
+ if (cs.target != NULL)
+ xtables_option_tfcall(cs.target);
 /* Fix me: must put inverse options checking here --MN */
diff --git a/xtoptions.c b/xtoptions.c
index 3286aa10..df917b67 100644
--- a/xtoptions.c
+++ b/xtoptions.c
@@ -297,3 +297,43 @@ void xtables_options_fcheck(const char *name, unsigned int xflags,
 }
 }
 }
+
+/**
+ * Dispatch arguments to the appropriate final_check function, based upon the
+ * extension's choice of API.
+ */
+void xtables_option_tfcall(struct xtables_target *t)
+{
+ if (t->x6_fcheck != NULL) {
+ struct xt_fcheck_call cb;
+
+ cb.ext_name = t->name;
+ cb.data = t->t->data;
+ cb.xflags = t->tflags;
+ t->x6_fcheck(&cb);
+ } else if (t->final_check != NULL) {
+ t->final_check(t->tflags);
+ }
+ if (t->x6_options != NULL)
+ xtables_options_fcheck(t->name, t->tflags, t->x6_options);
+}
+
+/**
+ * Dispatch arguments to the appropriate final_check function, based upon the
+ * extension's choice of API.
+ */
+void xtables_option_mfcall(struct xtables_match *m)
+{
+ if (m->x6_fcheck != NULL) {
+ struct xt_fcheck_call cb;
+
+ cb.ext_name = m->name;
+ cb.data = m->m->data;
+ cb.xflags = m->mflags;
+ m->x6_fcheck(&cb);
+ } else if (m->final_check != NULL) {
+ m->final_check(m->mflags);
+ }
+ if (m->x6_options != NULL)
+ xtables_options_fcheck(m->name, m->mflags, m->x6_options);
+}
-- cgit v1.2.3
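Review bot: `cb.data = t->t->data;` in xtables_option_tfcall() and `cb.data = m->m->data;` in xtables_option_mfcall() dereference the entry pointer unchecked, and both functions are exported through xtables.h.in, so they can be reached by callers other than do_command/do_command6. Whether `t->t` / `m->m` is always allocated by the time these run cannot be seen from this patch; state the precondition in the doc comments, e.g. `@t: target whose entry (t->t) has already been allocated`, or add an explicit check that reports the error instead of crashing. The two doc comments are identical and do not mention that `final_check` is skipped when `x6_fcheck` is set; one sentence each on target vs. match and on that precedence would help.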