From 8115e5425721cd610b6390c3d4c24540773b0520 Mon Sep 17 00:00:00 2001 From: Pablo Neira Date: Mon, 14 Feb 2005 13:13:04 +0000 Subject: Kill NFC_* stuff in iptables (Pablo Neira ) Fixes build with conntrack event patch for 2.6 --- extensions/libip6t_LOG.c | 2 -- extensions/libip6t_REJECT.c | 2 -- extensions/libip6t_condition.c | 9 --------- extensions/libip6t_eui64.c | 9 --------- extensions/libip6t_fuzzy.c | 2 -- extensions/libip6t_hl.c | 7 ------- extensions/libip6t_icmpv6.c | 11 +++-------- extensions/libip6t_ipv6header.c | 2 -- extensions/libip6t_length.c | 8 -------- extensions/libip6t_limit.c | 2 -- extensions/libip6t_mac.c | 9 --------- extensions/libip6t_mark.c | 9 --------- extensions/libip6t_multiport.c | 3 --- extensions/libip6t_nth.c | 8 -------- extensions/libip6t_owner.c | 9 --------- extensions/libip6t_random.c | 1 - extensions/libip6t_tcp.c | 5 ----- extensions/libip6t_udp.c | 2 -- extensions/libipt_BALANCE.c | 2 -- extensions/libipt_DNAT.c | 9 --------- extensions/libipt_IPMARK.c | 1 - extensions/libipt_IPV4OPTSSTRIP.c | 6 ------ extensions/libipt_LOG.c | 2 -- extensions/libipt_MASQUERADE.c | 2 -- extensions/libipt_NETLINK.c | 1 - extensions/libipt_NETMAP.c | 2 -- extensions/libipt_POOL.c | 2 -- extensions/libipt_REDIRECT.c | 2 -- extensions/libipt_REJECT.c | 2 -- extensions/libipt_SAME.c | 2 -- extensions/libipt_SET.c | 2 -- extensions/libipt_SNAT.c | 9 --------- extensions/libipt_TARPIT.c | 8 -------- extensions/libipt_TCPLAG.c | 13 ------------- extensions/libipt_ULOG.c | 2 -- extensions/libipt_account.c | 1 - extensions/libipt_addrtype.c | 7 ------- extensions/libipt_childlevel.c | 7 ------- extensions/libipt_comment.c | 8 -------- extensions/libipt_condition.c | 9 --------- extensions/libipt_connbytes.c | 9 --------- extensions/libipt_connlimit.c | 9 --------- extensions/libipt_connrate.c | 9 --------- extensions/libipt_conntrack.c | 9 --------- extensions/libipt_dscp.c | 6 ------ extensions/libipt_dstlimit.c | 2 -- extensions/libipt_ecn.c | 6 ------ extensions/libipt_fuzzy.c | 1 - extensions/libipt_hashlimit.c | 2 -- extensions/libipt_helper.c | 9 --------- extensions/libipt_icmp.c | 11 +++-------- extensions/libipt_iprange.c | 9 --------- extensions/libipt_ipv4options.c | 9 --------- extensions/libipt_length.c | 8 -------- extensions/libipt_limit.c | 2 -- extensions/libipt_mac.c | 9 --------- extensions/libipt_mark.c | 9 --------- extensions/libipt_mport.c | 3 --- extensions/libipt_multiport.c | 6 ------ extensions/libipt_nth.c | 8 -------- extensions/libipt_osf.c | 8 -------- extensions/libipt_owner.c | 9 --------- extensions/libipt_pkttype.c | 6 ------ extensions/libipt_pool.c | 2 -- extensions/libipt_psd.c | 2 -- extensions/libipt_quota.c | 9 --------- extensions/libipt_random.c | 1 - extensions/libipt_realm.c | 9 --------- extensions/libipt_recent.c | 1 - extensions/libipt_record_rpc.c | 33 ++++++++++++--------------------- extensions/libipt_rpc.c | 2 -- extensions/libipt_sctp.c | 2 -- extensions/libipt_set.c | 2 -- extensions/libipt_state.c | 9 --------- extensions/libipt_string.c | 10 ---------- extensions/libipt_tcp.c | 5 ----- extensions/libipt_tcpmss.c | 8 -------- extensions/libipt_time.c | 2 -- extensions/libipt_tos.c | 8 -------- extensions/libipt_ttl.c | 7 ------- extensions/libipt_u32.c | 8 -------- extensions/libipt_udp.c | 2 -- extensions/libipt_unclean.c | 9 --------- ip6tables.c | 5 ----- iptables.c | 18 ++++++++---------- libiptc/libip4tc.c | 11 ----------- libiptc/libip6tc.c | 11 ----------- 87 files changed, 26 insertions(+), 508 deletions(-) diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c index 74655af2..3cde0eec 100644 --- a/extensions/libip6t_LOG.c +++ b/extensions/libip6t_LOG.c @@ -42,8 +42,6 @@ init(struct ip6t_entry_target *t, unsigned int *nfcache) loginfo->level = LOG_DEFAULT_LEVEL; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } struct ip6t_log_names { diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c index 702f6b3d..879716b0 100644 --- a/extensions/libip6t_REJECT.c +++ b/extensions/libip6t_REJECT.c @@ -79,8 +79,6 @@ init(struct ip6t_entry_target *t, unsigned int *nfcache) /* default */ reject->with = IP6T_ICMP6_PORT_UNREACH; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* Function which parses command options; returns true if it diff --git a/extensions/libip6t_condition.c b/extensions/libip6t_condition.c index f58b3bc3..0e94c39e 100644 --- a/extensions/libip6t_condition.c +++ b/extensions/libip6t_condition.c @@ -24,14 +24,6 @@ static struct option opts[] = { { .name = 0 } }; - -static void -init(struct ip6t_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - - static int parse(int c, char **argv, int invert, unsigned int *flags, const struct ip6t_entry *entry, unsigned int *nfcache, @@ -99,7 +91,6 @@ static struct ip6tables_match condition = { .size = IP6T_ALIGN(sizeof(struct condition6_info)), .userspacesize = IP6T_ALIGN(sizeof(struct condition6_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libip6t_eui64.c b/extensions/libip6t_eui64.c index f8962c60..c74b04db 100644 --- a/extensions/libip6t_eui64.c +++ b/extensions/libip6t_eui64.c @@ -26,14 +26,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ip6t_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -71,7 +63,6 @@ static struct ip6tables_match eui64 = { .size = IP6T_ALIGN(sizeof(int)), .userspacesize = IP6T_ALIGN(sizeof(int)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libip6t_fuzzy.c b/extensions/libip6t_fuzzy.c index 65c2acfd..749ddc8f 100644 --- a/extensions/libip6t_fuzzy.c +++ b/extensions/libip6t_fuzzy.c @@ -44,8 +44,6 @@ static void init(struct ip6t_entry_match *m, unsigned int *nfcache) { struct ip6t_fuzzy_info *presentinfo = (struct ip6t_fuzzy_info *)(m)->data; - *nfcache |= NFC_UNKNOWN; - /* * Default rates ( I'll improve this very soon with something based * on real statistics of the running machine ) . diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c index 2d068b8a..208da33f 100644 --- a/extensions/libip6t_hl.c +++ b/extensions/libip6t_hl.c @@ -25,12 +25,6 @@ static void help(void) , IPTABLES_VERSION); } -static void init(struct ip6t_entry_match *m, unsigned int *nfcache) -{ - /* caching not yet implemented */ - *nfcache |= NFC_UNKNOWN; -} - static int parse(int c, char **argv, int invert, unsigned int *flags, const struct ip6t_entry *entry, unsigned int *nfcache, struct ip6t_entry_match **match) @@ -141,7 +135,6 @@ struct ip6tables_match hl = { .size = IP6T_ALIGN(sizeof(struct ip6t_hl_info)), .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_hl_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libip6t_icmpv6.c b/extensions/libip6t_icmpv6.c index 62ee90f5..a29bb389 100644 --- a/extensions/libip6t_icmpv6.c +++ b/extensions/libip6t_icmpv6.c @@ -90,7 +90,7 @@ static struct option opts[] = { {0} }; -static unsigned int +static void parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[]) { unsigned int limit = sizeof(icmpv6_codes)/sizeof(struct icmpv6_names); @@ -141,10 +141,6 @@ parse_icmpv6(const char *icmpv6type, u_int8_t *type, u_int8_t code[]) code[1] = 0xFF; } } - - if (code[0] == 0 && code[1] == 0xFF) - return NFC_IP6_SRC_PT; - else return NFC_IP6_SRC_PT | NFC_IP6_DST_PT; } /* Initialize the match. */ @@ -169,9 +165,8 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': check_inverse(optarg, &invert, &optind, 0); - *nfcache |= parse_icmpv6(argv[optind-1], - &icmpv6info->type, - icmpv6info->code); + parse_icmpv6(argv[optind-1], &icmpv6info->type, + icmpv6info->code); if (invert) icmpv6info->invflags |= IP6T_ICMP_INV; break; diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c index a06ced6e..a260e6e1 100644 --- a/extensions/libip6t_ipv6header.c +++ b/extensions/libip6t_ipv6header.c @@ -162,8 +162,6 @@ init(struct ip6t_entry_match *m, unsigned int *nfcache) info->matchflags = 0x00; info->invflags = 0x00; info->modeflag = 0x00; - /* No caching (yet) */ - *nfcache |= NFC_UNKNOWN; } static unsigned int diff --git a/extensions/libip6t_length.c b/extensions/libip6t_length.c index 0d531aea..c944c65e 100644 --- a/extensions/libip6t_length.c +++ b/extensions/libip6t_length.c @@ -26,13 +26,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ip6t_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - static u_int16_t parse_length(const char *s) { @@ -146,7 +139,6 @@ struct ip6tables_match length = { .size = IP6T_ALIGN(sizeof(struct ip6t_length_info)), .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_length_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libip6t_limit.c b/extensions/libip6t_limit.c index 927b6d14..6c88ee1c 100644 --- a/extensions/libip6t_limit.c +++ b/extensions/libip6t_limit.c @@ -81,8 +81,6 @@ init(struct ip6t_entry_match *m, unsigned int *nfcache) parse_rate(IP6T_LIMIT_AVG, &r->avg); r->burst = IP6T_LIMIT_BURST; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* FIXME: handle overflow: diff --git a/extensions/libip6t_mac.c b/extensions/libip6t_mac.c index 353f7461..e47f21f6 100644 --- a/extensions/libip6t_mac.c +++ b/extensions/libip6t_mac.c @@ -28,14 +28,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ip6t_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - static void parse_mac(const char *mac, struct ip6t_mac_info *info) { @@ -134,7 +126,6 @@ static struct ip6tables_match mac = { .size = IP6T_ALIGN(sizeof(struct ip6t_mac_info)), .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mac_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libip6t_mark.c b/extensions/libip6t_mark.c index 54a279e2..b831cfe4 100644 --- a/extensions/libip6t_mark.c +++ b/extensions/libip6t_mark.c @@ -25,14 +25,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ip6t_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this. */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -137,7 +129,6 @@ static struct ip6tables_match mark = { .size = IP6T_ALIGN(sizeof(struct ip6t_mark_info)), .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mark_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libip6t_multiport.c b/extensions/libip6t_multiport.c index c12e1bdb..013241b2 100644 --- a/extensions/libip6t_multiport.c +++ b/extensions/libip6t_multiport.c @@ -117,7 +117,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); multiinfo->flags = IP6T_MULTIPORT_SOURCE; - *nfcache |= NFC_IP6_SRC_PT; break; case '2': @@ -126,7 +125,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); multiinfo->flags = IP6T_MULTIPORT_DESTINATION; - *nfcache |= NFC_IP6_DST_PT; break; case '3': @@ -135,7 +133,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); multiinfo->flags = IP6T_MULTIPORT_EITHER; - *nfcache |= NFC_IP6_SRC_PT | NFC_IP6_DST_PT; break; default: diff --git a/extensions/libip6t_nth.c b/extensions/libip6t_nth.c index 26eeb26e..19b13f79 100644 --- a/extensions/libip6t_nth.c +++ b/extensions/libip6t_nth.c @@ -50,13 +50,6 @@ static struct option opts[] = { { 0 } }; -/* Initialize the target. */ -static void -init(struct ip6t_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - #define IP6T_NTH_OPT_EVERY 0x01 #define IP6T_NTH_OPT_NOT_EVERY 0x02 #define IP6T_NTH_OPT_START 0x04 @@ -223,7 +216,6 @@ struct ip6tables_match nth = { .size = IP6T_ALIGN(sizeof(struct ip6t_nth_info)), .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_nth_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libip6t_owner.c b/extensions/libip6t_owner.c index ec5c4fd5..6f27ebb6 100644 --- a/extensions/libip6t_owner.c +++ b/extensions/libip6t_owner.c @@ -47,14 +47,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ip6t_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this. */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -243,7 +235,6 @@ static struct ip6tables_match owner = { .size = IP6T_ALIGN(sizeof(struct ip6t_owner_info)), .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_owner_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libip6t_random.c b/extensions/libip6t_random.c index f32c009a..d34a2308 100644 --- a/extensions/libip6t_random.c +++ b/extensions/libip6t_random.c @@ -52,7 +52,6 @@ static void init(struct ip6t_entry_match *m, unsigned int *nfcache) { struct ip6t_rand_info *randinfo = (struct ip6t_rand_info *)(m)->data; - *nfcache |= NFC_UNKNOWN; /* We assign the average to be 50 which is our default value */ /* 50 * 2.55 = 128 */ diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c index 5c665942..a0491280 100644 --- a/extensions/libip6t_tcp.c +++ b/extensions/libip6t_tcp.c @@ -187,7 +187,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) tcpinfo->invflags |= IP6T_TCP_INV_SRCPT; *flags |= TCP_SRC_PORTS; - *nfcache |= NFC_IP6_SRC_PT; break; case '2': @@ -199,7 +198,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) tcpinfo->invflags |= IP6T_TCP_INV_DSTPT; *flags |= TCP_DST_PORTS; - *nfcache |= NFC_IP6_DST_PT; break; case '3': @@ -209,7 +207,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, " allowed"); parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert); *flags |= TCP_FLAGS; - *nfcache |= NFC_IP6_TCPFLAGS; break; case '4': @@ -228,7 +225,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, invert); optind++; *flags |= TCP_FLAGS; - *nfcache |= NFC_IP6_TCPFLAGS; break; case '5': @@ -240,7 +236,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) tcpinfo->invflags |= IP6T_TCP_INV_OPTION; *flags |= TCP_OPTION; - *nfcache |= NFC_IP6_PROTO_UNKNOWN; break; default: diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c index 73e1d1e9..842581d9 100644 --- a/extensions/libip6t_udp.c +++ b/extensions/libip6t_udp.c @@ -109,7 +109,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) udpinfo->invflags |= IP6T_UDP_INV_SRCPT; *flags |= UDP_SRC_PORTS; - *nfcache |= NFC_IP6_SRC_PT; break; case '2': @@ -121,7 +120,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) udpinfo->invflags |= IP6T_UDP_INV_DSTPT; *flags |= UDP_DST_PORTS; - *nfcache |= NFC_IP6_DST_PT; break; default: diff --git a/extensions/libipt_BALANCE.c b/extensions/libipt_BALANCE.c index 1b97ea2e..6d6392f8 100644 --- a/extensions/libipt_BALANCE.c +++ b/extensions/libipt_BALANCE.c @@ -35,8 +35,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache) /* Actually, it's 0, but it's ignored at the moment. */ mr->rangesize = 1; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* Parses range of IPs */ diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index 96a6e6b5..94d04e8e 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -33,14 +33,6 @@ static struct option opts[] = { { 0 } }; -/* Initialize the target. */ -static void -init(struct ipt_entry_target *t, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - static struct ipt_natinfo * append_range(struct ipt_natinfo *info, const struct ip_nat_range *range) { @@ -236,7 +228,6 @@ static struct iptables_target dnat = { .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)), .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_IPMARK.c b/extensions/libipt_IPMARK.c index 3a557fe7..3e0942de 100644 --- a/extensions/libipt_IPMARK.c +++ b/extensions/libipt_IPMARK.c @@ -53,7 +53,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache) ipmarkinfo->andmask=0xffffffff; ipmarkinfo->ormask=0; - *nfcache |= NFC_UNKNOWN; } /* Function which parses command options; returns true if it diff --git a/extensions/libipt_IPV4OPTSSTRIP.c b/extensions/libipt_IPV4OPTSSTRIP.c index c154ef53..d0305e63 100644 --- a/extensions/libipt_IPV4OPTSSTRIP.c +++ b/extensions/libipt_IPV4OPTSSTRIP.c @@ -13,11 +13,6 @@ #include #include -static void init(struct ipt_entry_target *t, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - static void help(void) { printf("IPV4OPTSSTRIP v%s target takes no option !! Make sure you use it in the mangle table.\n", @@ -66,7 +61,6 @@ static struct iptables_target IPV4OPTSSTRIP = { .size = IPT_ALIGN(0), .userspacesize = IPT_ALIGN(0), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index 39d6fb0b..74d65552 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -50,8 +50,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache) loginfo->level = LOG_DEFAULT_LEVEL; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } struct ipt_log_names { diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c index 31af1203..b661012e 100644 --- a/extensions/libipt_MASQUERADE.c +++ b/extensions/libipt_MASQUERADE.c @@ -33,8 +33,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache) /* Actually, it's 0, but it's ignored at the moment. */ mr->rangesize = 1; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* Parses ports */ diff --git a/extensions/libipt_NETLINK.c b/extensions/libipt_NETLINK.c index 9cc190c2..403c4139 100644 --- a/extensions/libipt_NETLINK.c +++ b/extensions/libipt_NETLINK.c @@ -32,7 +32,6 @@ static void init(struct ipt_entry_target *t, unsigned int *nfcache) nld->flags=0; - *nfcache |= NFC_UNKNOWN; } /* Parse command options */ diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index 81d0e5c6..a39c731e 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -63,8 +63,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache) /* Actually, it's 0, but it's ignored at the moment. */ mr->rangesize = 1; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* Parses network address */ diff --git a/extensions/libipt_POOL.c b/extensions/libipt_POOL.c index 0ce9f209..95756bc5 100644 --- a/extensions/libipt_POOL.c +++ b/extensions/libipt_POOL.c @@ -51,8 +51,6 @@ init(struct ipt_entry_target *target, unsigned int *nfcache) ipi->src = ipi->dst = IP_POOL_NONE; ipi->flags = 0; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* Function which parses command options; returns true if it diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index b40cb496..1395f62e 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -33,8 +33,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache) /* Actually, it's 0, but it's ignored at the moment. */ mr->rangesize = 1; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* Parses ports */ diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c index 4b08e453..f9823315 100644 --- a/extensions/libipt_REJECT.c +++ b/extensions/libipt_REJECT.c @@ -94,8 +94,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache) /* default */ reject->with = IPT_ICMP_PORT_UNREACHABLE; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* Function which parses command options; returns true if it diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c index 65455017..4eda2237 100644 --- a/extensions/libipt_SAME.c +++ b/extensions/libipt_SAME.c @@ -43,8 +43,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache) mr->info = 0; mr->ipnum = 0; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* Parses range of IPs */ diff --git a/extensions/libipt_SET.c b/extensions/libipt_SET.c index 2cf483c4..91d1a47a 100644 --- a/extensions/libipt_SET.c +++ b/extensions/libipt_SET.c @@ -51,8 +51,6 @@ static void init(struct ipt_entry_target *target, unsigned int *nfcache) info->add_set.index = info->del_set.index = IP_SET_INVALID_ID; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } static void diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index f10d0418..7510f6e7 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -33,14 +33,6 @@ static struct option opts[] = { { 0 } }; -/* Initialize the target. */ -static void -init(struct ipt_entry_target *t, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - static struct ipt_natinfo * append_range(struct ipt_natinfo *info, const struct ip_nat_range *range) { @@ -236,7 +228,6 @@ static struct iptables_target snat = { .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)), .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_TARPIT.c b/extensions/libipt_TARPIT.c index 1d1b0639..b12cbc2c 100644 --- a/extensions/libipt_TARPIT.c +++ b/extensions/libipt_TARPIT.c @@ -15,13 +15,6 @@ static struct option opts[] = { { 0 } }; -static void -init(struct ipt_entry_target *t, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - static int parse(int c, char **argv, int invert, unsigned int *flags, const struct ipt_entry *entry, @@ -52,7 +45,6 @@ static struct iptables_target tarpit = { .size = IPT_ALIGN(0), .userspacesize = IPT_ALIGN(0), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_TCPLAG.c b/extensions/libipt_TCPLAG.c index 27361e7c..b6166c00 100644 --- a/extensions/libipt_TCPLAG.c +++ b/extensions/libipt_TCPLAG.c @@ -70,18 +70,6 @@ static const struct option opts[] = * our own private data structure (which is at t->data). * Probably we could fiddle with t->tflags too but there is * no great advantage in doing so. - * - * TODO: Find documentation for the above flags which - * can be ored into nfcache... - * - * NFC_IP6_DST_PT - * NFC_IP6_PROTO_UNKNOWN - * NFC_IP6_SRC_PT - * NFC_IP6_TCPFLAGS - * NFC_IP_DST_PT - * NFC_IP_SRC_PT - * NFC_IP_TOS - * NFC_UNKNOWN -- This one seems safest */ static void init( struct ipt_entry_target *t, unsigned int *nfcache ) { @@ -89,7 +77,6 @@ static void init( struct ipt_entry_target *t, unsigned int *nfcache ) memset( el, 0, sizeof( struct ipt_tcplag )); el->level = 4; /* Default to warning level */ strcpy( el->prefix, "TCPLAG:" ); /* Give a reasonable default prefix */ - *nfcache |= NFC_UNKNOWN; } /* diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c index e0731416..81e0aea9 100644 --- a/extensions/libipt_ULOG.c +++ b/extensions/libipt_ULOG.c @@ -60,8 +60,6 @@ static void init(struct ipt_entry_target *t, unsigned int *nfcache) loginfo->nl_group = ULOG_DEFAULT_NLGROUP; loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } #define IPT_LOG_OPT_NLGROUP 0x01 diff --git a/extensions/libipt_account.c b/extensions/libipt_account.c index 86af85d1..d049a03d 100644 --- a/extensions/libipt_account.c +++ b/extensions/libipt_account.c @@ -168,7 +168,6 @@ static void init(struct ipt_entry_match *match, struct t_ipt_account_info *info = (struct t_ipt_account_info *)(match)->data; - *nfcache |= NFC_UNKNOWN; /* set default table name to DEFAULT */ strncpy(info->name, "DEFAULT", IPT_ACCOUNT_NAME_LEN); diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c index 9a82cc5c..d8e19296 100644 --- a/extensions/libipt_addrtype.c +++ b/extensions/libipt_addrtype.c @@ -48,12 +48,6 @@ static void help(void) help_types(); } -static void init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* caching not yet implemented */ - *nfcache |= NFC_UNKNOWN; -} - static int parse_type(const char *name, size_t strlen, u_int16_t *mask) { @@ -199,7 +193,6 @@ struct iptables_match addrtype = { .size = IPT_ALIGN(sizeof(struct ipt_addrtype_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_addrtype_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_childlevel.c b/extensions/libipt_childlevel.c index bc9f0ad9..1018c9e0 100644 --- a/extensions/libipt_childlevel.c +++ b/extensions/libipt_childlevel.c @@ -39,12 +39,6 @@ static struct option opts[] = { { .name = 0 } }; -/* Initialize the match. */ -static void init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int parse(int c, char **argv, int invert, unsigned int *flags, const struct ipt_entry *entry, unsigned int *nfcache, @@ -108,7 +102,6 @@ static struct iptables_match childlevel = { .size = IPT_ALIGN(sizeof(struct ipt_childlevel_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_childlevel_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_comment.c b/extensions/libipt_comment.c index 253b267f..c543fc69 100644 --- a/extensions/libipt_comment.c +++ b/extensions/libipt_comment.c @@ -29,13 +29,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - static void parse_comment(const unsigned char *s, struct ipt_comment_info *info) { @@ -113,7 +106,6 @@ static struct iptables_match comment = { .size = IPT_ALIGN(sizeof(struct ipt_comment_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_comment_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_condition.c b/extensions/libipt_condition.c index 553739d0..16558fe6 100644 --- a/extensions/libipt_condition.c +++ b/extensions/libipt_condition.c @@ -24,14 +24,6 @@ static struct option opts[] = { { .name = 0 } }; - -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - - static int parse(int c, char **argv, int invert, unsigned int *flags, const struct ipt_entry *entry, unsigned int *nfcache, @@ -99,7 +91,6 @@ static struct iptables_match condition = { .size = IPT_ALIGN(sizeof(struct condition_info)), .userspacesize = IPT_ALIGN(sizeof(struct condition_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_connbytes.c b/extensions/libipt_connbytes.c index 2d61a4af..2f53bac5 100644 --- a/extensions/libipt_connbytes.c +++ b/extensions/libipt_connbytes.c @@ -27,14 +27,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - static void parse_range(const char *arg, struct ipt_connbytes_info *si) { @@ -199,7 +191,6 @@ static struct iptables_match state = { .size = IPT_ALIGN(sizeof(struct ipt_connbytes_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_connbytes_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c index 54f02112..17b4d13b 100644 --- a/extensions/libipt_connlimit.c +++ b/extensions/libipt_connlimit.c @@ -26,14 +26,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -127,7 +119,6 @@ static struct iptables_match connlimit = { .size = IPT_ALIGN(sizeof(struct ipt_connlimit_info)), .userspacesize = offsetof(struct ipt_connlimit_info,data), .help = help, - .init = init, .parse = parse, .final_check = final_check, .print = print, diff --git a/extensions/libipt_connrate.c b/extensions/libipt_connrate.c index 3c76a70d..47c5fcbb 100644 --- a/extensions/libipt_connrate.c +++ b/extensions/libipt_connrate.c @@ -34,14 +34,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* caching not yet implemented */ - *nfcache |= NFC_UNKNOWN; -} - static u_int32_t parse_value(const char *arg, u_int32_t def) { @@ -174,7 +166,6 @@ static struct iptables_match state = { .size = IPT_ALIGN(sizeof(struct ipt_connrate_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_connrate_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c index 6ec77dc4..55216848 100644 --- a/extensions/libipt_conntrack.c +++ b/extensions/libipt_conntrack.c @@ -56,14 +56,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - static int parse_state(const char *state, size_t strlen, struct ipt_conntrack_info *sinfo) { @@ -538,7 +530,6 @@ static struct iptables_match conntrack = { .size = IPT_ALIGN(sizeof(struct ipt_conntrack_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_conntrack_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_dscp.c b/extensions/libipt_dscp.c index b4e8b526..4520a6a7 100644 --- a/extensions/libipt_dscp.c +++ b/extensions/libipt_dscp.c @@ -24,11 +24,6 @@ /* This is evil, but it's my code - HW*/ #include "libipt_dscp_helper.c" -static void init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_IP_TOS; -} - static void help(void) { printf( @@ -164,7 +159,6 @@ static struct iptables_match dscp = { .size = IPT_ALIGN(sizeof(struct ipt_dscp_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_dscp_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_dstlimit.c b/extensions/libipt_dstlimit.c index 0d4dc09f..3f3b6330 100644 --- a/extensions/libipt_dstlimit.c +++ b/extensions/libipt_dstlimit.c @@ -105,8 +105,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache) r->cfg.gc_interval = IPT_DSTLIMIT_GCINTERVAL; r->cfg.expire = IPT_DSTLIMIT_EXPIRE; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } #define PARAM_LIMIT 0x00000001 diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c index d7b7f3b1..97e839da 100644 --- a/extensions/libipt_ecn.c +++ b/extensions/libipt_ecn.c @@ -16,11 +16,6 @@ #include #include -static void init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_IP_TOS; -} - static void help(void) { printf( @@ -163,7 +158,6 @@ struct iptables_match ecn .size = IPT_ALIGN(sizeof(struct ipt_ecn_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_ecn_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_fuzzy.c b/extensions/libipt_fuzzy.c index 40e071d4..d574db8a 100644 --- a/extensions/libipt_fuzzy.c +++ b/extensions/libipt_fuzzy.c @@ -43,7 +43,6 @@ static void init(struct ipt_entry_match *m, unsigned int *nfcache) { struct ipt_fuzzy_info *presentinfo = (struct ipt_fuzzy_info *)(m)->data; - *nfcache |= NFC_UNKNOWN; /* * Default rates ( I'll improve this very soon with something based diff --git a/extensions/libipt_hashlimit.c b/extensions/libipt_hashlimit.c index 1df36b4c..6fb0eccb 100644 --- a/extensions/libipt_hashlimit.c +++ b/extensions/libipt_hashlimit.c @@ -104,8 +104,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache) r->cfg.gc_interval = IPT_HASHLIMIT_GCINTERVAL; r->cfg.expire = IPT_HASHLIMIT_EXPIRE; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } diff --git a/extensions/libipt_helper.c b/extensions/libipt_helper.c index 10b39d74..7c9f3e3c 100644 --- a/extensions/libipt_helper.c +++ b/extensions/libipt_helper.c @@ -24,14 +24,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this. */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -96,7 +88,6 @@ static struct iptables_match helper = { .version = IPTABLES_VERSION, .size = IPT_ALIGN(sizeof(struct ipt_helper_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index 32c04f6d..9d45c8c6 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -114,7 +114,7 @@ static struct option opts[] = { {0} }; -static unsigned int +static void parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[]) { unsigned int limit = sizeof(icmp_codes)/sizeof(struct icmp_names); @@ -165,10 +165,6 @@ parse_icmp(const char *icmptype, u_int8_t *type, u_int8_t code[]) code[1] = 0xFF; } } - - if (code[0] == 0 && code[1] == 0xFF) - return NFC_IP_SRC_PT; - else return NFC_IP_SRC_PT | NFC_IP_DST_PT; } /* Initialize the match. */ @@ -194,9 +190,8 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': check_inverse(optarg, &invert, &optind, 0); - *nfcache |= parse_icmp(argv[optind-1], - &icmpinfo->type, - icmpinfo->code); + parse_icmp(argv[optind-1], &icmpinfo->type, + icmpinfo->code); if (invert) icmpinfo->invflags |= IPT_ICMP_INV; break; diff --git a/extensions/libipt_iprange.c b/extensions/libipt_iprange.c index 7d5c1334..2ada8e27 100644 --- a/extensions/libipt_iprange.c +++ b/extensions/libipt_iprange.c @@ -26,14 +26,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this. */ - *nfcache |= NFC_UNKNOWN; -} - static void parse_iprange(char *arg, struct ipt_iprange *range) { @@ -180,7 +172,6 @@ static struct iptables_match iprange = { .size = IPT_ALIGN(sizeof(struct ipt_iprange_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_iprange_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_ipv4options.c b/extensions/libipt_ipv4options.c index dd3e80a8..3d3b2360 100644 --- a/extensions/libipt_ipv4options.c +++ b/extensions/libipt_ipv4options.c @@ -35,14 +35,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* caching not yet implemented */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -306,7 +298,6 @@ static struct iptables_match ipv4options_struct = { .size = IPT_ALIGN(sizeof(struct ipt_ipv4options_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_ipv4options_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_length.c b/extensions/libipt_length.c index fcd14bcb..cfac1c5f 100644 --- a/extensions/libipt_length.c +++ b/extensions/libipt_length.c @@ -25,13 +25,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - static u_int16_t parse_length(const char *s) { @@ -145,7 +138,6 @@ static struct iptables_match length = { .size = IPT_ALIGN(sizeof(struct ipt_length_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_length_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c index ad5e2733..7f0337ae 100644 --- a/extensions/libipt_limit.c +++ b/extensions/libipt_limit.c @@ -81,8 +81,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache) parse_rate(IPT_LIMIT_AVG, &r->avg); r->burst = IPT_LIMIT_BURST; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } /* FIXME: handle overflow: diff --git a/extensions/libipt_mac.c b/extensions/libipt_mac.c index 30da7fab..bac85125 100644 --- a/extensions/libipt_mac.c +++ b/extensions/libipt_mac.c @@ -28,14 +28,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - static void parse_mac(const char *mac, struct ipt_mac_info *info) { @@ -135,7 +127,6 @@ static struct iptables_match mac = { .size = IPT_ALIGN(sizeof(struct ipt_mac_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_mac_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_mark.c b/extensions/libipt_mark.c index 1e031ca8..1922768e 100644 --- a/extensions/libipt_mark.c +++ b/extensions/libipt_mark.c @@ -25,14 +25,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this. */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -138,7 +130,6 @@ static struct iptables_match mark = { .size = IPT_ALIGN(sizeof(struct ipt_mark_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_mark_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_mport.c b/extensions/libipt_mport.c index 63acbd9b..a387b214 100644 --- a/extensions/libipt_mport.c +++ b/extensions/libipt_mport.c @@ -140,7 +140,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, proto = check_proto(entry); parse_multi_ports(argv[optind-1], minfo, proto); minfo->flags = IPT_MPORT_SOURCE; - *nfcache |= NFC_IP_SRC_PT; break; case '2': @@ -148,7 +147,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, proto = check_proto(entry); parse_multi_ports(argv[optind-1], minfo, proto); minfo->flags = IPT_MPORT_DESTINATION; - *nfcache |= NFC_IP_DST_PT; break; case '3': @@ -156,7 +154,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, proto = check_proto(entry); parse_multi_ports(argv[optind-1], minfo, proto); minfo->flags = IPT_MPORT_EITHER; - *nfcache |= NFC_IP_SRC_PT | NFC_IP_DST_PT; break; default: diff --git a/extensions/libipt_multiport.c b/extensions/libipt_multiport.c index 7fb6d72f..9f5193fa 100644 --- a/extensions/libipt_multiport.c +++ b/extensions/libipt_multiport.c @@ -179,7 +179,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); multiinfo->flags = IPT_MULTIPORT_SOURCE; - *nfcache |= NFC_IP_SRC_PT; break; case '2': @@ -188,7 +187,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); multiinfo->flags = IPT_MULTIPORT_DESTINATION; - *nfcache |= NFC_IP_DST_PT; break; case '3': @@ -197,7 +195,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, multiinfo->count = parse_multi_ports(argv[optind-1], multiinfo->ports, proto); multiinfo->flags = IPT_MULTIPORT_EITHER; - *nfcache |= NFC_IP_SRC_PT | NFC_IP_DST_PT; break; default: @@ -231,7 +228,6 @@ parse_v1(int c, char **argv, int invert, unsigned int *flags, proto = check_proto(entry); parse_multi_ports_v1(argv[optind-1], multiinfo, proto); multiinfo->flags = IPT_MULTIPORT_SOURCE; - *nfcache |= NFC_IP_SRC_PT; break; case '2': @@ -239,7 +235,6 @@ parse_v1(int c, char **argv, int invert, unsigned int *flags, proto = check_proto(entry); parse_multi_ports_v1(argv[optind-1], multiinfo, proto); multiinfo->flags = IPT_MULTIPORT_DESTINATION; - *nfcache |= NFC_IP_DST_PT; break; case '3': @@ -247,7 +242,6 @@ parse_v1(int c, char **argv, int invert, unsigned int *flags, proto = check_proto(entry); parse_multi_ports_v1(argv[optind-1], multiinfo, proto); multiinfo->flags = IPT_MULTIPORT_EITHER; - *nfcache |= NFC_IP_SRC_PT | NFC_IP_DST_PT; break; default: diff --git a/extensions/libipt_nth.c b/extensions/libipt_nth.c index 569b1ade..6f483b9f 100644 --- a/extensions/libipt_nth.c +++ b/extensions/libipt_nth.c @@ -50,13 +50,6 @@ static struct option opts[] = { { 0 } }; -/* Initialize the target. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - #define IPT_NTH_OPT_EVERY 0x01 #define IPT_NTH_OPT_NOT_EVERY 0x02 #define IPT_NTH_OPT_START 0x04 @@ -224,7 +217,6 @@ static struct iptables_match nth = { .size = IPT_ALIGN(sizeof(struct ipt_nth_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_nth_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_osf.c b/extensions/libipt_osf.c index 3c758c21..e3610fce 100644 --- a/extensions/libipt_osf.c +++ b/extensions/libipt_osf.c @@ -54,13 +54,6 @@ static struct option opts[] = { { .name = 0 } }; - -static void init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - - static void parse_string(const unsigned char *s, struct ipt_osf_info *info) { if (strlen(s) < MAXGENRELEN) @@ -142,7 +135,6 @@ static struct iptables_match osf_match = { .size = IPT_ALIGN(sizeof(struct ipt_osf_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_osf_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_owner.c b/extensions/libipt_owner.c index 46da9e33..cf13cb97 100644 --- a/extensions/libipt_owner.c +++ b/extensions/libipt_owner.c @@ -49,14 +49,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this. */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -245,7 +237,6 @@ static struct iptables_match owner = { .size = IPT_ALIGN(sizeof(struct ipt_owner_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_owner_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_pkttype.c b/extensions/libipt_pkttype.c index af220955..ea6439ef 100644 --- a/extensions/libipt_pkttype.c +++ b/extensions/libipt_pkttype.c @@ -69,11 +69,6 @@ static struct option opts[] = { {0} }; -static void init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - static void parse_pkttype(const char *pkttype, struct ipt_pkttype_info *info) { unsigned int i; @@ -159,7 +154,6 @@ static struct iptables_match pkttype = { .size = IPT_ALIGN(sizeof(struct ipt_pkttype_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_pkttype_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_pool.c b/extensions/libipt_pool.c index 7e204dad..0d649203 100644 --- a/extensions/libipt_pool.c +++ b/extensions/libipt_pool.c @@ -43,8 +43,6 @@ init(struct ipt_entry_match *match, unsigned int *nfcache) info->src = IP_POOL_NONE; info->dst = IP_POOL_NONE; info->flags = 0; - /* Can't cache this - XXX */ - *nfcache |= NFC_UNKNOWN; } /* Function which parses command options; returns true if it ate an option */ diff --git a/extensions/libipt_psd.c b/extensions/libipt_psd.c index e150e09e..3d0034ab 100644 --- a/extensions/libipt_psd.c +++ b/extensions/libipt_psd.c @@ -56,8 +56,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache) psdinfo->delay_threshold = SCAN_DELAY_THRESHOLD; psdinfo->lo_ports_weight = PORT_WEIGHT_PRIV; psdinfo->hi_ports_weight = PORT_WEIGHT_HIGH; - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; } diff --git a/extensions/libipt_quota.c b/extensions/libipt_quota.c index b0de7adb..a9c138c5 100644 --- a/extensions/libipt_quota.c +++ b/extensions/libipt_quota.c @@ -24,14 +24,6 @@ help(void) " --quota quota quota (bytes)\n" "\n"); } -/* initialise match */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* no can cache */ - *nfcache |= NFC_UNKNOWN; -} - /* print matchinfo */ static void print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric) @@ -100,7 +92,6 @@ struct iptables_match quota = { .size = IPT_ALIGN(sizeof (struct ipt_quota_info)), .userspacesize = IPT_ALIGN(sizeof (struct ipt_quota_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_random.c b/extensions/libipt_random.c index fd815bbc..d28ab8ce 100644 --- a/extensions/libipt_random.c +++ b/extensions/libipt_random.c @@ -51,7 +51,6 @@ static void init(struct ipt_entry_match *m, unsigned int *nfcache) { struct ipt_rand_info *randinfo = (struct ipt_rand_info *)(m)->data; - *nfcache |= NFC_UNKNOWN; /* We assign the average to be 50 which is our default value */ /* 50 * 2.55 = 128 */ diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c index ec9d3e34..90e60897 100644 --- a/extensions/libipt_realm.c +++ b/extensions/libipt_realm.c @@ -28,14 +28,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -122,7 +114,6 @@ static struct iptables_match realm = { NULL, .size = IPT_ALIGN(sizeof(struct ipt_realm_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_realm_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_recent.c b/extensions/libipt_recent.c index a3942720..0b0ed2d1 100644 --- a/extensions/libipt_recent.c +++ b/extensions/libipt_recent.c @@ -72,7 +72,6 @@ init(struct ipt_entry_match *match, unsigned int *nfcache) { struct ipt_recent_info *info = (struct ipt_recent_info *)(match)->data; - *nfcache |= NFC_UNKNOWN; strncpy(info->name,"DEFAULT",IPT_RECENT_NAME_LEN); /* eventhough IPT_RECENT_NAME_LEN is currently defined as 200, diff --git a/extensions/libipt_record_rpc.c b/extensions/libipt_record_rpc.c index 819c8ef6..571d286b 100644 --- a/extensions/libipt_record_rpc.c +++ b/extensions/libipt_record_rpc.c @@ -16,14 +16,6 @@ static struct option opts[] = { {0} }; -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this. */ - *nfcache |= NFC_UNKNOWN; -} - - /* Function which parses command options; returns true if it ate an option */ static int @@ -53,19 +45,18 @@ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) } static -struct iptables_match record_rpc -= { NULL, - "record_rpc", - IPTABLES_VERSION, - IPT_ALIGN(0), - IPT_ALIGN(0), - &help, - &init, - &parse, - &final_check, - &print, - &save, - opts +struct iptables_match record_rpc = { + .next = NULL, + .name = "record_rpc", + .version = IPTABLES_VERSION, + .size = IPT_ALIGN(0), + .userspacesize = IPT_ALIGN(0), + .help = &help, + .parse = &parse, + .final_check = &final_check, + .print = &print, + .save = &save, + .extra_opts = opts }; void _init(void) diff --git a/extensions/libipt_rpc.c b/extensions/libipt_rpc.c index 07177959..f6e897ac 100644 --- a/extensions/libipt_rpc.c +++ b/extensions/libipt_rpc.c @@ -180,8 +180,6 @@ static void init(struct ipt_entry_match *match, unsigned int *nfcache) struct ipt_rpc_info *rpcinfo = ((struct ipt_rpc_info *)match->data); - /* caching not yet implemented */ - *nfcache |= NFC_UNKNOWN; /* initialise those funky user vars */ rpcinfo->i_procs = -1; diff --git a/extensions/libipt_sctp.c b/extensions/libipt_sctp.c index f12403c5..af35f9ce 100644 --- a/extensions/libipt_sctp.c +++ b/extensions/libipt_sctp.c @@ -293,7 +293,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) einfo->invflags |= IPT_SCTP_SRC_PORTS; *flags |= IPT_SCTP_SRC_PORTS; - *nfcache |= NFC_IP_SRC_PT; break; case '2': @@ -306,7 +305,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) einfo->invflags |= IPT_SCTP_DEST_PORTS; *flags |= IPT_SCTP_DEST_PORTS; - *nfcache |= NFC_IP_DST_PT; break; case '3': diff --git a/extensions/libipt_set.c b/extensions/libipt_set.c index 7ab78ff7..e485f054 100644 --- a/extensions/libipt_set.c +++ b/extensions/libipt_set.c @@ -47,8 +47,6 @@ static void init(struct ipt_entry_match *match, unsigned int *nfcache) memset(info, 0, sizeof(struct ipt_set_info_match)); - /* Can't cache this - XXX */ - *nfcache |= NFC_UNKNOWN; } /* Function which parses command options; returns true if it ate an option */ diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c index 8e6a90c5..acafe9a7 100644 --- a/extensions/libipt_state.c +++ b/extensions/libipt_state.c @@ -28,14 +28,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this */ - *nfcache |= NFC_UNKNOWN; -} - static int parse_state(const char *state, size_t strlen, struct ipt_state_info *sinfo) { @@ -158,7 +150,6 @@ static struct iptables_match state = { .size = IPT_ALIGN(sizeof(struct ipt_state_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_state_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_string.c b/extensions/libipt_string.c index 2ffdb74e..508eb90b 100644 --- a/extensions/libipt_string.c +++ b/extensions/libipt_string.c @@ -44,15 +44,6 @@ static struct option opts[] = { { .name = 0 } }; - -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - - static void parse_string(const unsigned char *s, struct ipt_string_info *info) { @@ -279,7 +270,6 @@ static struct iptables_match string = { .size = IPT_ALIGN(sizeof(struct ipt_string_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_string_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c index 57515006..6f9ea06a 100644 --- a/extensions/libipt_tcp.c +++ b/extensions/libipt_tcp.c @@ -187,7 +187,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) tcpinfo->invflags |= IPT_TCP_INV_SRCPT; *flags |= TCP_SRC_PORTS; - *nfcache |= NFC_IP_SRC_PT; break; case '2': @@ -199,7 +198,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) tcpinfo->invflags |= IPT_TCP_INV_DSTPT; *flags |= TCP_DST_PORTS; - *nfcache |= NFC_IP_DST_PT; break; case '3': @@ -209,7 +207,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, " allowed"); parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert); *flags |= TCP_FLAGS; - *nfcache |= NFC_IP_TCPFLAGS; break; case '4': @@ -228,7 +225,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, invert); optind++; *flags |= TCP_FLAGS; - *nfcache |= NFC_IP_TCPFLAGS; break; case '5': @@ -240,7 +236,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) tcpinfo->invflags |= IPT_TCP_INV_OPTION; *flags |= TCP_OPTION; - *nfcache |= NFC_IP_PROTO_UNKNOWN; break; default: diff --git a/extensions/libipt_tcpmss.c b/extensions/libipt_tcpmss.c index d596ea74..9a399bbd 100644 --- a/extensions/libipt_tcpmss.c +++ b/extensions/libipt_tcpmss.c @@ -24,13 +24,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_IP_PROTO_UNKNOWN; -} - static u_int16_t parse_tcp_mssvalue(const char *mssvalue) { @@ -146,7 +139,6 @@ static struct iptables_match tcpmss = { .size = IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_time.c b/extensions/libipt_time.c index cceab58d..dcf2dc67 100644 --- a/extensions/libipt_time.c +++ b/extensions/libipt_time.c @@ -57,8 +57,6 @@ init(struct ipt_entry_match *m, unsigned int *nfcache) { struct ipt_time_info *info = (struct ipt_time_info *)m->data; globaldays = 0; - /* caching not yet implemented */ - *nfcache |= NFC_UNKNOWN; /* By default, we match on everyday */ info->days_match = 127; /* By default, we match on every hour:min of the day */ diff --git a/extensions/libipt_tos.c b/extensions/libipt_tos.c index 6241950a..7a10a502 100644 --- a/extensions/libipt_tos.c +++ b/extensions/libipt_tos.c @@ -47,13 +47,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_IP_TOS; -} - static void parse_tos(const unsigned char *s, struct ipt_tos_info *info) { @@ -166,7 +159,6 @@ static struct iptables_match tos = { .size = IPT_ALIGN(sizeof(struct ipt_tos_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_tos_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c index 8d47dbec..3a25734b 100644 --- a/extensions/libipt_ttl.c +++ b/extensions/libipt_ttl.c @@ -24,12 +24,6 @@ static void help(void) , IPTABLES_VERSION); } -static void init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* caching not yet implemented */ - *nfcache |= NFC_UNKNOWN; -} - static int parse(int c, char **argv, int invert, unsigned int *flags, const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match) @@ -156,7 +150,6 @@ static struct iptables_match ttl = { .size = IPT_ALIGN(sizeof(struct ipt_ttl_info)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_ttl_info)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_u32.c b/extensions/libipt_u32.c index c5f5b4d9..75045100 100644 --- a/extensions/libipt_u32.c +++ b/extensions/libipt_u32.c @@ -37,13 +37,6 @@ static struct option opts[] = { { 0 } }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - *nfcache |= NFC_UNKNOWN; -} - /* shared printing code */ static void print_u32(struct ipt_u32 *data) { @@ -257,7 +250,6 @@ struct iptables_match u32 = { .size = IPT_ALIGN(sizeof(struct ipt_u32)), .userspacesize = IPT_ALIGN(sizeof(struct ipt_u32)), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = &print, diff --git a/extensions/libipt_udp.c b/extensions/libipt_udp.c index fb52cf01..f45f364c 100644 --- a/extensions/libipt_udp.c +++ b/extensions/libipt_udp.c @@ -109,7 +109,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) udpinfo->invflags |= IPT_UDP_INV_SRCPT; *flags |= UDP_SRC_PORTS; - *nfcache |= NFC_IP_SRC_PT; break; case '2': @@ -121,7 +120,6 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (invert) udpinfo->invflags |= IPT_UDP_INV_DSTPT; *flags |= UDP_DST_PORTS; - *nfcache |= NFC_IP_DST_PT; break; default: diff --git a/extensions/libipt_unclean.c b/extensions/libipt_unclean.c index a97b0f0e..7b9b3e42 100644 --- a/extensions/libipt_unclean.c +++ b/extensions/libipt_unclean.c @@ -17,14 +17,6 @@ static struct option opts[] = { {0} }; -/* Initialize the match. */ -static void -init(struct ipt_entry_match *m, unsigned int *nfcache) -{ - /* Can't cache this. */ - *nfcache |= NFC_UNKNOWN; -} - /* Function which parses command options; returns true if it ate an option */ static int @@ -49,7 +41,6 @@ struct iptables_match unclean = { .size = IPT_ALIGN(0), .userspacesize = IPT_ALIGN(0), .help = &help, - .init = &init, .parse = &parse, .final_check = &final_check, .print = NULL, diff --git a/ip6tables.c b/ip6tables.c index aa1e148b..de48f774 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1887,7 +1887,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) && (fw.ipv6.invflags & IP6T_INV_PROTO)) exit_error(PARAMETER_PROBLEM, "rule would never match protocol"); - fw.nfcache |= NFC_IP6_PROTO; break; case 's': @@ -1895,7 +1894,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) set_option(&options, OPT_SOURCE, &fw.ipv6.invflags, invert); shostnetworkmask = argv[optind-1]; - fw.nfcache |= NFC_IP6_SRC; break; case 'd': @@ -1903,7 +1901,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) set_option(&options, OPT_DESTINATION, &fw.ipv6.invflags, invert); dhostnetworkmask = argv[optind-1]; - fw.nfcache |= NFC_IP6_DST; break; case 'j': @@ -1935,7 +1932,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) parse_interface(argv[optind-1], fw.ipv6.iniface, fw.ipv6.iniface_mask); - fw.nfcache |= NFC_IP6_IF_IN; break; case 'o': @@ -1945,7 +1941,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) parse_interface(argv[optind-1], fw.ipv6.outiface, fw.ipv6.outiface_mask); - fw.nfcache |= NFC_IP6_IF_OUT; break; case 'v': diff --git a/iptables.c b/iptables.c index ace49992..06d04810 100644 --- a/iptables.c +++ b/iptables.c @@ -1987,7 +1987,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) && (fw.ip.invflags & IPT_INV_PROTO)) exit_error(PARAMETER_PROBLEM, "rule would never match protocol"); - fw.nfcache |= NFC_IP_PROTO; break; case 's': @@ -1995,7 +1994,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) set_option(&options, OPT_SOURCE, &fw.ip.invflags, invert); shostnetworkmask = argv[optind-1]; - fw.nfcache |= NFC_IP_SRC; break; case 'd': @@ -2003,7 +2001,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) set_option(&options, OPT_DESTINATION, &fw.ip.invflags, invert); dhostnetworkmask = argv[optind-1]; - fw.nfcache |= NFC_IP_DST; break; case 'j': @@ -2024,7 +2021,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) strcpy(target->t->u.user.name, jumpto); set_revision(target->t->u.user.name, target->revision); - target->init(target->t, &fw.nfcache); + if (target->init != NULL) + target->init(target->t, &fw.nfcache); opts = merge_options(opts, target->extra_opts, &target->option_offset); } break; @@ -2037,7 +2035,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) parse_interface(argv[optind-1], fw.ip.iniface, fw.ip.iniface_mask); - fw.nfcache |= NFC_IP_IF_IN; break; case 'o': @@ -2047,14 +2044,12 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) parse_interface(argv[optind-1], fw.ip.outiface, fw.ip.outiface_mask); - fw.nfcache |= NFC_IP_IF_OUT; break; case 'f': set_option(&options, OPT_FRAGMENT, &fw.ip.invflags, invert); fw.ip.flags |= IPT_F_FRAG; - fw.nfcache |= NFC_IP_FRAG; break; case 'v': @@ -2078,7 +2073,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) m->m->u.match_size = size; strcpy(m->m->u.user.name, m->name); set_revision(m->m->u.user.name, m->revision); - m->init(m->m, &fw.nfcache); + if (m->init != NULL) + m->init(m->m, &fw.nfcache); opts = merge_options(opts, m->extra_opts, &m->option_offset); } break; @@ -2221,7 +2217,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) strcpy(m->m->u.user.name, m->name); set_revision(m->m->u.user.name, m->revision); - m->init(m->m, &fw.nfcache); + if (m->init != NULL) + m->init(m->m, &fw.nfcache); opts = merge_options(opts, m->extra_opts, &m->option_offset); @@ -2349,7 +2346,8 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) target->t->u.target_size = size; strcpy(target->t->u.user.name, jumpto); set_revision(target->t->u.user.name, target->revision); - target->init(target->t, &fw.nfcache); + if (target->init != NULL) + target->init(target->t, &fw.nfcache); } if (!target) { diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c index f623c78c..392a9de1 100644 --- a/libiptc/libip4tc.c +++ b/libiptc/libip4tc.c @@ -149,17 +149,6 @@ dump_entry(STRUCT_ENTRY *e, const TC_HANDLE_T handle) printf("Cache: %08X ", e->nfcache); if (e->nfcache & NFC_ALTERED) printf("ALTERED "); if (e->nfcache & NFC_UNKNOWN) printf("UNKNOWN "); - if (e->nfcache & NFC_IP_SRC) printf("IP_SRC "); - if (e->nfcache & NFC_IP_DST) printf("IP_DST "); - if (e->nfcache & NFC_IP_IF_IN) printf("IP_IF_IN "); - if (e->nfcache & NFC_IP_IF_OUT) printf("IP_IF_OUT "); - if (e->nfcache & NFC_IP_TOS) printf("IP_TOS "); - if (e->nfcache & NFC_IP_PROTO) printf("IP_PROTO "); - if (e->nfcache & NFC_IP_OPTIONS) printf("IP_OPTIONS "); - if (e->nfcache & NFC_IP_TCPFLAGS) printf("IP_TCPFLAGS "); - if (e->nfcache & NFC_IP_SRC_PT) printf("IP_SRC_PT "); - if (e->nfcache & NFC_IP_DST_PT) printf("IP_DST_PT "); - if (e->nfcache & NFC_IP_PROTO_UNKNOWN) printf("IP_PROTO_UNKNOWN "); printf("\n"); IPT_MATCH_ITERATE(e, print_match); diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c index 06b15fbc..1c1f14e5 100644 --- a/libiptc/libip6tc.c +++ b/libiptc/libip6tc.c @@ -180,17 +180,6 @@ dump_entry(struct ip6t_entry *e, const ip6tc_handle_t handle) printf("Cache: %08X ", e->nfcache); if (e->nfcache & NFC_ALTERED) printf("ALTERED "); if (e->nfcache & NFC_UNKNOWN) printf("UNKNOWN "); - if (e->nfcache & NFC_IP6_SRC) printf("IP6_SRC "); - if (e->nfcache & NFC_IP6_DST) printf("IP6_DST "); - if (e->nfcache & NFC_IP6_IF_IN) printf("IP6_IF_IN "); - if (e->nfcache & NFC_IP6_IF_OUT) printf("IP6_IF_OUT "); - if (e->nfcache & NFC_IP6_TOS) printf("IP6_TOS "); - if (e->nfcache & NFC_IP6_PROTO) printf("IP6_PROTO "); - if (e->nfcache & NFC_IP6_OPTIONS) printf("IP6_OPTIONS "); - if (e->nfcache & NFC_IP6_TCPFLAGS) printf("IP6_TCPFLAGS "); - if (e->nfcache & NFC_IP6_SRC_PT) printf("IP6_SRC_PT "); - if (e->nfcache & NFC_IP6_DST_PT) printf("IP6_DST_PT "); - if (e->nfcache & NFC_IP6_PROTO_UNKNOWN) printf("IP6_PROTO_UNKNOWN "); printf("\n"); IP6T_MATCH_ITERATE(e, print_match); -- cgit v1.2.3