[netfilter-cvslog] r3418 - trunk/iptables/libiptc

rusty at netfilter.org rusty at netfilter.org
Thu Dec 16 14:21:44 CET 2004


Author: rusty at netfilter.org
Date: 2004-12-16 14:21:44 +0100 (Thu, 16 Dec 2004)
New Revision: 3418

Modified:
   trunk/iptables/libiptc/libiptc.c
Log:
Remove GET_TARGET() define: this was for compiling iptables for debugging (ie. without -O) on old kernels where ipt_get_target() was defined "extern inline".  These days it's "static inline", and only developers build without -O anyway.
Fix up DUMP_ENTRIES a little, but remove calls: it only dumps the table as loaded, not the changed (cached) table, which is misleading.
Fix TC_DELETE_ENTRY: we need to use iptcc_map_target() before comparing, otherwise "-j DROP" (as an example) doesn't work.



Modified: trunk/iptables/libiptc/libiptc.c
===================================================================
--- trunk/iptables/libiptc/libiptc.c	2004-12-16 13:15:11 UTC (rev 3417)
+++ trunk/iptables/libiptc/libiptc.c	2004-12-16 13:21:44 UTC (rev 3418)
@@ -44,14 +44,6 @@
 #define IPT_LIB_DIR "/usr/local/lib/iptables"
 #endif
 
-#ifndef __OPTIMIZE__
-STRUCT_ENTRY_TARGET *
-GET_TARGET(STRUCT_ENTRY *e)
-{
-	return (void *)e + e->target_offset;
-}
-#endif
-
 static int sockfd = -1;
 static void *iptc_fn = NULL;
 
@@ -896,9 +888,8 @@
 {
 	CHECK(handle);
 #if 0
-	printf("libiptc v%s.  %u entries, %u bytes.\n",
-	       IPTABLES_VERSION,
-	       handle->new_number, handle->entries->size);
+	printf("libiptc v%s. %u bytes.\n",
+	       IPTABLES_VERSION, handle->entries->size);
 	printf("Table `%s'\n", handle->info.name);
 	printf("Hooks: pre/in/fwd/out/post = %u/%u/%u/%u/%u\n",
 	       handle->info.hook_entry[HOOK_PRE_ROUTING],
@@ -1111,7 +1102,7 @@
 			  TC_HANDLE_T *handle)
 {
 	STRUCT_ENTRY *e = (STRUCT_ENTRY *)ce;
-	struct rule_head *r = container_of(e, struct rule_head, entry);
+	struct rule_head *r = container_of(e, struct rule_head, entry[0]);
 
 	iptc_fn = TC_GET_TARGET;
 
@@ -1448,8 +1439,7 @@
 		TC_HANDLE_T *handle)
 {
 	struct chain_head *c;
-	struct rule_head *r;
-	STRUCT_ENTRY *e, *fw;
+	struct rule_head *r, *i;
 
 	iptc_fn = TC_DELETE_ENTRY;
 	if (!(c = iptcc_find_label(chain, *handle))) {
@@ -1457,45 +1447,43 @@
 		return 0;
 	}
 
-	fw = malloc(origfw->next_offset);
-	if (fw == NULL) {
+	/* Create a rule_head from origfw. */
+	r = iptcc_alloc_rule(c, origfw->next_offset);
+	if (!r) {
 		errno = ENOMEM;
 		return 0;
 	}
 
-	list_for_each_entry(r, &c->rules, list) {
+	memcpy(r->entry, origfw, origfw->next_offset);
+	r->counter_map.maptype = COUNTER_MAP_NOMAP;
+	if (!iptcc_map_target(*handle, r)) {
+		DEBUGP("unable to map target of rule for chain `%s'\n", chain);
+		free(r);
+		return 0;
+	}
 
-		memcpy(fw, origfw, origfw->next_offset);
-
-#if 0
-		/* FIXME: handle this in is_same --RR */
-		if (!map_target(*handle, fw, offset, &discard)) {
-			free(fw);
-			return 0;
-		}
-#endif
-
-		e = r->entry;
-
-		if (is_same(e, fw, matchmask)) {
+	list_for_each_entry(i, &c->rules, list) {
+		if (r->type == i->type
+		    && is_same(r->entry, i->entry, matchmask)) {
 			/* If we are about to delete the rule that is the
 			 * current iterator, move rule iterator back.  next
 			 * pointer will then point to real next node */
-			if (r == (*handle)->rule_iterator_cur) {
+			if (i == (*handle)->rule_iterator_cur) {
 				(*handle)->rule_iterator_cur = 
 					list_entry((*handle)->rule_iterator_cur->list.prev,
 						   struct rule_head, list);
 			}
 
 			c->num_rules--;
-			iptcc_delete_rule(r);
+			iptcc_delete_rule(i);
 
 			set_changed(*handle);
+			free(r);
 			return 1;
 		}
 	}
 
-	free(fw);
+	free(r);
 	errno = ENOENT;
 	return 0;
 }
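Review bot: The scratch rule_head built from origfw is released with a bare `free(r)` on every exit, which undoes the allocation but not any side effect of `iptcc_map_target(*handle, r)`. That function's body is outside this hunk, but the new `r->type == i->type` test shows it classifies the rule. If it also takes a reference on the destination chain for a jump, each delete-by-match of a rule that jumps to a user-defined chain would leave that chain's count one too high, and a later attempt to remove the chain could be refused as still in use. Dropping the reference straight after a successful map would keep the bookkeeping balanced, e.g. `if (r->type == IPTCC_R_JUMP && r->jump) r->jump->references--;` with a comment that r is a match-only rule never linked into `c->rules`; the field names need checking against struct rule_head and chain_head. Separately, the map-failure return sets no errno of its own, so callers that print strerror() may report a stale value unless iptcc_map_target sets one on every failing path.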
@@ -1970,10 +1958,6 @@
 
 	CHECK(*handle);
 
-#if 0
-	TC_DUMP_ENTRIES(*handle);
-#endif
-
 	/* Don't commit if nothing changed. */
 	if (!(*handle)->changed)
 		goto finished;
@@ -1991,6 +1975,10 @@
 	}
 	memset(repl, 0, sizeof(*repl) + new_size);
 
+#if 0
+	TC_DUMP_ENTRIES(*handle);
+#endif
+
 	counterlen = sizeof(STRUCT_COUNTERS_INFO)
 			+ sizeof(STRUCT_COUNTERS) * new_number;
 



