From 630ef48037f3602333addfdb53789c9c6a4bb4c8 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 27 Jan 2009 14:58:41 +0100
Subject: libxtables: prefix/order - fw_xalloc It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try. This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings.
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 3 +++
 1 file changed, 3 insertions(+) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 8327c426..e63d171e 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -140,6 +140,9 @@ struct xtables_target
 #endif
 };
+extern void *xtables_calloc(size_t, size_t);
+extern void *xtables_malloc(size_t);
+
 /* Your shared library should call one of these. */
 extern void xtables_register_match(struct xtables_match *me);
 extern void xtables_register_target(struct xtables_target *me);
-- cgit v1.2.3
From c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaa Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 27 Jan 2009 15:10:05 +0100
Subject: libxtables: prefix/order - modprobe and xtables.ko loading This change affects: load_xtables_ko -> xtables_load_ko modprobe_program -> xtables_modprobe_program Now uses bool for the "quiet" flag.
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 5 +++++
 1 file changed, 5 insertions(+) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index e63d171e..2512d79f 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
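Review bot: The `xtables_calloc`/`xtables_malloc` prototypes added in the `@@ -140,6 +140,9 @@` hunk do not state what happens when the allocation fails, so code outside the library cannot tell whether the result needs a NULL check. Now that they sit in the public header, a comment above them should fix the contract, for example `/* Allocation helpers; state here whether failure returns NULL or terminates the program. */`. Naming the parameters would also remove the count/size ambiguity: `extern void *xtables_calloc(size_t count, size_t size);`.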
@@ -140,9 +140,14 @@ struct xtables_target
 #endif
 };
+extern const char *xtables_modprobe_program;
+
 extern void *xtables_calloc(size_t, size_t);
 extern void *xtables_malloc(size_t);
+extern int xtables_insmod(const char *, const char *, bool);
+extern int xtables_load_ko(const char *, bool);
+
 /* Your shared library should call one of these. */
 extern void xtables_register_match(struct xtables_match *me);
 extern void xtables_register_target(struct xtables_target *me);
-- cgit v1.2.3
From 2338efd8f799d8373dc196c797bda9690283b698 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 27 Jan 2009 15:23:01 +0100
Subject: libxtables: prefix/order - match/target loading This change affects: find_{match,target} -> xtables_find_{match,target} enum xt_tryload -> enum xtables_tryload loose flags like DONT_LOAD -> XTF_DONT_LOAD
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 2512d79f..02a832db 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -140,7 +140,24 @@ struct xtables_target
 #endif
 };
+struct xtables_rule_match {
+ struct xtables_rule_match *next;
+ struct xtables_match *match;
+ /* Multiple matches of the same type: the ones before
+ the current one are completed from parsing point of view */
+ bool completed;
+};
+
+enum xtables_tryload {
+ XTF_DONT_LOAD,
+ XTF_DURING_LOAD,
+ XTF_TRY_LOAD,
+ XTF_LOAD_MUST_SUCCEED,
+};
+
 extern const char *xtables_modprobe_program;
+extern struct xtables_match *xtables_matches;
+extern struct xtables_target *xtables_targets;
 extern void *xtables_calloc(size_t, size_t);
 extern void *xtables_malloc(size_t);
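Review bot: `xtables_modprobe_program` in the `@@ -140,9 +140,14 @@` hunk is exported as a writable `const char *` with no statement of who may set it, and judging by its name it selects the program that `xtables_insmod` and `xtables_load_ko` run. iptables is normally run as root and loads extensions into the same address space, so any of them can repoint this variable; the header should at least record the expected value and that it must not come from unvetted input, e.g. `/* Path of the modprobe binary; set by the main program before the first load, never from untrusted input. */`. The unnamed parameters of `xtables_insmod(const char *, const char *, bool)` also deserve names, since two adjacent `const char *` arguments are easy to swap.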
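Review bot: `enum xtables_tryload` in the `@@ -140,7 +140,24 @@` hunk is added without a word on what each value makes a lookup do, and it is the only control callers have over `xtables_find_match`/`xtables_find_target` declared in the following `@@ -148,6 +165,11 @@` hunk. Whether a lookup may load an extension from disk, and whether `XTF_LOAD_MUST_SUCCEED` ends the process instead of returning NULL, are things a caller has to decide on deliberately; a short comment per enumerator would make that possible. The hunk also exports the list heads `xtables_matches` and `xtables_targets` as plain writable pointers; if outside code is only meant to go through the register/find functions, say so next to the declarations.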
@@ -148,6 +165,11 @@ extern void *xtables_malloc(size_t);
 extern int xtables_insmod(const char *, const char *, bool);
 extern int xtables_load_ko(const char *, bool);
+extern struct xtables_match *xtables_find_match(const char *name,
+ enum xtables_tryload, struct xtables_rule_match **match);
+extern struct xtables_target *xtables_find_target(const char *name,
+ enum xtables_tryload);
+
 /* Your shared library should call one of these. */
 extern void xtables_register_match(struct xtables_match *me);
 extern void xtables_register_target(struct xtables_target *me);
-- cgit v1.2.3
From 39bf9c8214d3073a496a8a1eff91046a8d6fbbdf Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 27 Jan 2009 15:59:06 +0100
Subject: libxtables: prefix/order - libdir Consolidate the libdir variable initialization code into xtables.c.
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 1 +
 1 file changed, 1 insertion(+) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 02a832db..268c42e4 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -159,6 +159,7 @@ extern const char *xtables_modprobe_program;
 extern struct xtables_match *xtables_matches;
 extern struct xtables_target *xtables_targets;
+extern void xtables_init(void);
 extern void *xtables_calloc(size_t, size_t);
 extern void *xtables_malloc(size_t);
-- cgit v1.2.3
From 5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 27 Jan 2009 18:43:01 +0100
Subject: libxtables: prefix/order - strtoui This commit also throws out the redundant string_to_number_*.
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 268c42e4..f372d334 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -175,21 +175,9 @@ extern struct xtables_target *xtables_find_target(const char *name,
 extern void xtables_register_match(struct xtables_match *me);
 extern void xtables_register_target(struct xtables_target *me);
-extern int string_to_number_ll(const char *s,
- unsigned long long min,
- unsigned long long max,
- unsigned long long *ret);
-extern int string_to_number_l(const char *s,
- unsigned long min,
- unsigned long max,
- unsigned long *ret);
-extern int string_to_number(const char *s,
- unsigned int min,
- unsigned int max,
- unsigned int *ret);
-extern bool strtonuml(const char *, char **, unsigned long *,
+extern bool xtables_strtoul(const char *, char **, unsigned long *,
 unsigned long, unsigned long);
-extern bool strtonum(const char *, char **, unsigned int *,
+extern bool xtables_strtoui(const char *, char **, unsigned int *,
 unsigned int, unsigned int);
 extern int service_to_port(const char *name, const char *proto);
 extern u_int16_t parse_port(const char *port, const char *proto);
-- cgit v1.2.3
From dacafa55379fd98212031d8c559096c91d7ce93b Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 27 Jan 2009 20:56:23 +0100
Subject: libxtables: prefix/order - program_name Split XTABLES_VERSION into xtables and iptables, and encode the xtables soversion into the extensions instead. This makes it possible to upgrade iptables without having to recompile 3rd-party extensions (if the libxtables version matches, of course).
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index f372d334..e1f9c926 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -1,6 +1,11 @@
 #ifndef _XTABLES_H
 #define _XTABLES_H
+/*
+ * Changing any structs/functions may incur a needed change
+ * in libxtables_vcurrent/vage too.
+ */
+
 #include /* PF_* */
 #include
 #include
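Review bot: The two prototypes kept in the `@@ -175,21 +175,9 @@` hunk return `bool` and have unnamed parameters, while the removed `string_to_number*` family returned `int` and named `s`, `min`, `max` and `ret`. A caller converted mechanically from one to the other can end up with an inverted success test or swapped bounds, and these functions are the range check applied to user-supplied numbers. Naming the parameters and stating the return convention in a comment would close that gap, e.g. `extern bool xtables_strtoui(const char *s, char **end, unsigned int *value, unsigned int min, unsigned int max);` with `/* true when s parsed and min <= *value <= max */`. The argument order shown is my reading of the types; please confirm it against xtables.c.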
@@ -20,10 +25,8 @@
 #define IPPROTO_UDPLITE 136
 #endif
-#define XTABLES_VERSION "@PACKAGE_VERSION@"
-#define XTABLES_VERSION_CODE (0x10000 * @XTABLES_VERSION_MAJOR@ + 0x100 * @XTABLES_VERSION_MINOR@ + @XTABLES_VERSION_PATCH@)
-
-#define XTABLES_API_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z)
+#define XTABLES_VERSION "libxtables.so.@libxtables_vmajor@"
+#define XTABLES_VERSION_CODE @libxtables_vmajor@
 struct in_addr;
@@ -155,6 +158,7 @@ enum xtables_tryload {
 XTF_LOAD_MUST_SUCCEED,
 };
+extern const char *xtables_program_name;
 extern const char *xtables_modprobe_program;
 extern struct xtables_match *xtables_matches;
 extern struct xtables_target *xtables_targets;
@@ -202,7 +206,6 @@ int check_inverse(const char option[], int *invert, int *my_optind, int argc);
 void exit_error(enum exittype, const char *, ...)__attribute__((noreturn,
 format(printf,2,3)));
 extern void param_act(unsigned int, const char *, ...);
-extern const char *program_name, *program_version;
 extern const char *ipaddr_to_numeric(const struct in_addr *);
 extern const char *ipaddr_to_anyname(const struct in_addr *);
-- cgit v1.2.3
From a41545ca7cde43e0ba53260ba74bd9bf74025a68 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 27 Jan 2009 21:27:19 +0100
Subject: libxtables: prefix/order - param_act Changes: exittype -> xtables_exittype P_* -> XTF_* flags
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index e1f9c926..e5737cb8 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
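Review bot: `XTABLES_VERSION_CODE` in the `@@ -20,10 +25,8 @@` hunk keeps its name but changes from the packed `0x10000*major + 0x100*minor + patch` value to the bare soname major. Out-of-tree code that compares it with a numeric literal still compiles and can silently take the wrong branch; only users of the removed `XTABLES_API_VERSION()` get a build error. A new macro name for the soname major, or a comment at the definition spelling out the changed meaning, would avoid that. Since `XTABLES_VERSION` is now the string `"libxtables.so.@libxtables_vmajor@"`, it is also worth stating at the definition that it is an ABI tag for extensions, as the commit message describes, and no longer the package version.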
@@ -158,6 +158,17 @@ enum xtables_tryload {
 XTF_LOAD_MUST_SUCCEED,
 };
+enum xtables_exittype {
+ OTHER_PROBLEM = 1,
+ PARAMETER_PROBLEM,
+ VERSION_PROBLEM,
+ RESOURCE_PROBLEM,
+ XTF_ONLY_ONCE,
+ XTF_NO_INVERT,
+ XTF_BAD_VALUE,
+ XTF_ONE_ACTION,
+};
+
 extern const char *xtables_program_name;
 extern const char *xtables_modprobe_program;
 extern struct xtables_match *xtables_matches;
@@ -188,24 +199,13 @@ extern u_int16_t parse_port(const char *port, const char *proto);
 extern void
 parse_interface(const char *arg, char *vianame, unsigned char *mask);
-enum exittype {
- OTHER_PROBLEM = 1,
- PARAMETER_PROBLEM,
- VERSION_PROBLEM,
- RESOURCE_PROBLEM,
- P_ONLY_ONCE,
- P_NO_INVERT,
- P_BAD_VALUE,
- P_ONE_ACTION,
-};
-
 /* this is a special 64bit data type that is 8-byte aligned */
 #define aligned_u64 u_int64_t __attribute__((aligned(8)))
 int check_inverse(const char option[], int *invert, int *my_optind, int argc);
-void exit_error(enum exittype, const char *, ...)__attribute__((noreturn,
- format(printf,2,3)));
-extern void param_act(unsigned int, const char *, ...);
+void exit_error(enum xtables_exittype, const char *, ...)
+ __attribute__((noreturn, format(printf,2,3)));
+extern void xtables_param_act(unsigned int, const char *, ...);
 extern const char *ipaddr_to_numeric(const struct in_addr *);
 extern const char *ipaddr_to_anyname(const struct in_addr *);
-- cgit v1.2.3
From e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 30 Jan 2009 03:55:09 +0100
Subject: libxtables: prefix/order - ipaddr/ipmask to ascii output
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index e5737cb8..3099de8f 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
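Review bot: `enum xtables_exittype` in the `@@ -158,6 +158,17 @@` hunk still carries `OTHER_PROBLEM`, `PARAMETER_PROBLEM`, `VERSION_PROBLEM` and `RESOURCE_PROBLEM` without a prefix, which is the clash with application identifiers this series sets out to remove; `exit_error` in the `@@ -188,24 +199,13 @@` hunk is in the same position. The enum also mixes two sets that, going by the names and the commit message, serve different functions, and `xtables_param_act` takes a plain `unsigned int`, so the compiler cannot flag a value from the wrong set. If splitting the enum is out of scope for this commit, a comment marking which enumerators belong to which function would help: `/* OTHER_PROBLEM..RESOURCE_PROBLEM: exit_error(); XTF_*: xtables_param_act() */`.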
@@ -207,18 +207,18 @@ void exit_error(enum xtables_exittype, const char *, ...)
 __attribute__((noreturn, format(printf,2,3)));
 extern void xtables_param_act(unsigned int, const char *, ...);
-extern const char *ipaddr_to_numeric(const struct in_addr *);
-extern const char *ipaddr_to_anyname(const struct in_addr *);
-extern const char *ipmask_to_numeric(const struct in_addr *);
+extern const char *xtables_ipaddr_to_numeric(const struct in_addr *);
+extern const char *xtables_ipaddr_to_anyname(const struct in_addr *);
+extern const char *xtables_ipmask_to_numeric(const struct in_addr *);
 extern struct in_addr *numeric_to_ipaddr(const char *);
 extern struct in_addr *numeric_to_ipmask(const char *);
 extern void ipparse_hostnetworkmask(const char *, struct in_addr **,
 struct in_addr *, unsigned int *);
 extern struct in6_addr *numeric_to_ip6addr(const char *);
-extern const char *ip6addr_to_numeric(const struct in6_addr *);
-extern const char *ip6addr_to_anyname(const struct in6_addr *);
-extern const char *ip6mask_to_numeric(const struct in6_addr *);
+extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
+extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
+extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
 extern void ip6parse_hostnetworkmask(const char *, struct in6_addr **,
 struct in6_addr *, unsigned int *);
-- cgit v1.2.3
From 1e01b0b82f70b0b11dcfbced485dbe7aeac4fb8c Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 30 Jan 2009 04:20:32 +0100
Subject: libxtables: prefix/order - ascii to ipaddr/ipmask input
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 3099de8f..936bbcc8 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -210,12 +210,12 @@ extern void xtables_param_act(unsigned int, const char *, ...);
 extern const char *xtables_ipaddr_to_numeric(const struct in_addr *);
 extern const char *xtables_ipaddr_to_anyname(const struct in_addr *);
 extern const char *xtables_ipmask_to_numeric(const struct in_addr *);
-extern struct in_addr *numeric_to_ipaddr(const char *);
-extern struct in_addr *numeric_to_ipmask(const char *);
+extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
+extern struct in_addr *xtables_numeric_to_ipmask(const char *);
 extern void ipparse_hostnetworkmask(const char *, struct in_addr **,
 struct in_addr *, unsigned int *);
-extern struct in6_addr *numeric_to_ip6addr(const char *);
+extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
 extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
 extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
 extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
-- cgit v1.2.3
From aae6be9edc99e58164a3592c510fe5488141c698 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 30 Jan 2009 04:24:47 +0100
Subject: libxtables: prefix - misc functions
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 936bbcc8..abde4d86 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -194,10 +194,10 @@ extern bool xtables_strtoul(const char *, char **, unsigned long *,
 unsigned long, unsigned long);
 extern bool xtables_strtoui(const char *, char **, unsigned int *,
 unsigned int, unsigned int);
-extern int service_to_port(const char *name, const char *proto);
-extern u_int16_t parse_port(const char *port, const char *proto);
+extern int xtables_service_to_port(const char *name, const char *proto);
+extern u_int16_t xtables_parse_port(const char *port, const char *proto);
 extern void
-parse_interface(const char *arg, char *vianame, unsigned char *mask);
+xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
 /* this is a special 64bit data type that is 8-byte aligned */
 #define aligned_u64 u_int64_t __attribute__((aligned(8)))
-- cgit v1.2.3
From a0baae85f8159f03d52535934aa9b3a375e0f1f3 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 30 Jan 2009 04:32:50 +0100
Subject: libxtables: prefix - parse and escaped output func
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index abde4d86..c3c960b1 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -212,21 +212,21 @@ extern const char *xtables_ipaddr_to_anyname(const struct in_addr *);
 extern const char *xtables_ipmask_to_numeric(const struct in_addr *);
 extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
 extern struct in_addr *xtables_numeric_to_ipmask(const char *);
-extern void ipparse_hostnetworkmask(const char *, struct in_addr **,
+extern void xtables_ipparse_any(const char *, struct in_addr **,
 struct in_addr *, unsigned int *);
 extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
 extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
 extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
 extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
-extern void ip6parse_hostnetworkmask(const char *, struct in6_addr **,
+extern void xtables_ip6parse_any(const char *, struct in6_addr **,
 struct in6_addr *, unsigned int *);
 /**
 * Print the specified value to standard output, quoting dangerous
 * characters if required.
 */
-extern void save_string(const char *value);
+extern void xtables_save_string(const char *value);
 #ifdef NO_SHARED_LIBS
 # ifdef _INIT
-- cgit v1.2.3
From 0f16c725aadaac7e670d632ecbaea3661ff00827 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 30 Jan 2009 04:55:38 +0100
Subject: libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated.
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index c3c960b1..c1bf6d59 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -202,7 +202,8 @@ xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
 /* this is a special 64bit data type that is 8-byte aligned */
 #define aligned_u64 u_int64_t __attribute__((aligned(8)))
-int check_inverse(const char option[], int *invert, int *my_optind, int argc);
+int xtables_check_inverse(const char option[], int *invert,
+ int *my_optind, int argc);
 void exit_error(enum xtables_exittype, const char *, ...)
 __attribute__((noreturn, format(printf,2,3)));
 extern void xtables_param_act(unsigned int, const char *, ...);
-- cgit v1.2.3
From 1de7edffc9085c0f41c261dca995e28ae4126c29 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 30 Jan 2009 05:38:11 +0100
Subject: libxtables: prefix/order - move parse_protocol to xtables.c
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index c1bf6d59..07217d6a 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -21,6 +21,9 @@
 #ifndef IPPROTO_DCCP
 #define IPPROTO_DCCP 33
 #endif
+#ifndef IPPROTO_MH
+# define IPPROTO_MH 135
+#endif
 #ifndef IPPROTO_UDPLITE
 #define IPPROTO_UDPLITE 136
 #endif
@@ -151,6 +154,17 @@ struct xtables_rule_match {
 bool completed;
 };
+/**
+ * struct xtables_pprot -
+ *
+ * A few hardcoded protocols for 'all' and in case the user has no
+ * /etc/protocols.
+ */
+struct xtables_pprot {
+ const char *name;
+ u_int8_t num;
+};
+
 enum xtables_tryload {
 XTF_DONT_LOAD,
 XTF_DURING_LOAD,
@@ -239,10 +253,13 @@ extern void xtables_save_string(const char *value);
 # define _init __attribute__((constructor)) _INIT
 #endif
-/* Present in both iptables.c and ip6tables.c */
-extern u_int16_t parse_protocol(const char *s);
+extern const struct xtables_pprot xtables_chain_protos[];
+extern u_int16_t xtables_parse_protocol(const char *s);
 #ifdef XTABLES_INTERNAL
+# ifndef ARRAY_SIZE
+# define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+# endif
 # include
 #endif
-- cgit v1.2.3
From 77f48c2f1ef21fa43aa68c25a1457db319ca2526 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Sat, 7 Feb 2009 19:59:53 +0100
Subject: libxtables: move afinfo around libxtables should not rely on the program executable providing the magic constants for using [gs]etsockopt.
Signed-off-by: Jan Engelhardt
---
 include/xtables.h.in | 1 +
 1 file changed, 1 insertion(+) (limited to 'include/xtables.h.in')
diff --git a/include/xtables.h.in b/include/xtables.h.in
index 07217d6a..02750fb9 100644
--- a/include/xtables.h.in
+++ b/include/xtables.h.in
@@ -189,6 +189,7 @@ extern struct xtables_match *xtables_matches;
 extern struct xtables_target *xtables_targets;
 extern void xtables_init(void);
+extern void xtables_set_nfproto(uint8_t);
 extern void *xtables_calloc(size_t, size_t);
 extern void *xtables_malloc(size_t);
-- cgit v1.2.3
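Review bot: `xtables_chain_protos[]` in the `@@ -239,10 +253,13 @@` hunk is declared with an incomplete array type, so code including this header cannot use the `ARRAY_SIZE` macro added a few lines further down on it, and nothing here says how the table ends. A consumer walking the table needs a documented terminator or an exported element count; without one the loop bound is a guess and a read past the end is the likely outcome. If xtables.c ends the table with an empty entry, say so at the declaration: `/* terminated by an entry whose name is NULL */`. Separately, `struct xtables_pprot` in the `@@ -151,6 +154,17 @@` hunk stores the number as `u_int8_t` while `xtables_parse_protocol` returns `u_int16_t`, and its doc comment header `struct xtables_pprot -` has no summary text.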
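Review bot: `xtables_set_nfproto(uint8_t)` in the `@@ -189,6 +189,7 @@` hunk uses the C99 spelling `uint8_t`, whereas every other fixed-width type visible in this header is the BSD form (`u_int8_t`, `u_int16_t`, `u_int64_t`). The include list is not visible in this hunk, so unless `<stdint.h>` is already pulled in, third-party extensions that include the header may fail to compile; `extern void xtables_set_nfproto(u_int8_t nfproto);` would match the rest of the file. The prototype also gives no hint of what happens for a protocol family the library does not know, which a caller needs in order to handle that case.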