[netfilter-cvslog] r6431 - in branches/iptables/iptables-1.4: .
extensions include include/libiptc libiptc
laforge at netfilter.org
laforge at netfilter.org
Mon Jan 23 18:24:51 CET 2006
Author: laforge at netfilter.org
Date: 2006-01-23 18:24:41 +0100 (Mon, 23 Jan 2006)
New Revision: 6431
Added:
branches/iptables/iptables-1.4/include/libiptc/libxtc.h
branches/iptables/iptables-1.4/include/xtables.h
branches/iptables/iptables-1.4/xtables.c
Modified:
branches/iptables/iptables-1.4/Makefile
branches/iptables/iptables-1.4/extensions/libipt_CLASSIFY.c
branches/iptables/iptables-1.4/extensions/libipt_CLUSTERIP.c
branches/iptables/iptables-1.4/extensions/libipt_CONNMARK.c
branches/iptables/iptables-1.4/extensions/libipt_DNAT.c
branches/iptables/iptables-1.4/extensions/libipt_DSCP.c
branches/iptables/iptables-1.4/extensions/libipt_ECN.c
branches/iptables/iptables-1.4/extensions/libipt_FTOS.c
branches/iptables/iptables-1.4/extensions/libipt_IPMARK.c
branches/iptables/iptables-1.4/extensions/libipt_IPV4OPTSSTRIP.c
branches/iptables/iptables-1.4/extensions/libipt_LOG.c
branches/iptables/iptables-1.4/extensions/libipt_MARK.c
branches/iptables/iptables-1.4/extensions/libipt_MASQUERADE.c
branches/iptables/iptables-1.4/extensions/libipt_MIRROR.c
branches/iptables/iptables-1.4/extensions/libipt_NETLINK.c
branches/iptables/iptables-1.4/extensions/libipt_NETMAP.c
branches/iptables/iptables-1.4/extensions/libipt_NFQUEUE.c
branches/iptables/iptables-1.4/extensions/libipt_NOTRACK.c
branches/iptables/iptables-1.4/extensions/libipt_POOL.c
branches/iptables/iptables-1.4/extensions/libipt_REDIRECT.c
branches/iptables/iptables-1.4/extensions/libipt_REJECT.c
branches/iptables/iptables-1.4/extensions/libipt_ROUTE.c
branches/iptables/iptables-1.4/extensions/libipt_SAME.c
branches/iptables/iptables-1.4/extensions/libipt_SET.c
branches/iptables/iptables-1.4/extensions/libipt_SNAT.c
branches/iptables/iptables-1.4/extensions/libipt_TARPIT.c
branches/iptables/iptables-1.4/extensions/libipt_TCPLAG.c
branches/iptables/iptables-1.4/extensions/libipt_TCPMSS.c
branches/iptables/iptables-1.4/extensions/libipt_TOS.c
branches/iptables/iptables-1.4/extensions/libipt_TRACE.c
branches/iptables/iptables-1.4/extensions/libipt_TTL.c
branches/iptables/iptables-1.4/extensions/libipt_ULOG.c
branches/iptables/iptables-1.4/extensions/libipt_XOR.c
branches/iptables/iptables-1.4/extensions/libipt_account.c
branches/iptables/iptables-1.4/extensions/libipt_addrtype.c
branches/iptables/iptables-1.4/extensions/libipt_ah.c
branches/iptables/iptables-1.4/extensions/libipt_childlevel.c
branches/iptables/iptables-1.4/extensions/libipt_comment.c
branches/iptables/iptables-1.4/extensions/libipt_condition.c
branches/iptables/iptables-1.4/extensions/libipt_connbytes.c
branches/iptables/iptables-1.4/extensions/libipt_connlimit.c
branches/iptables/iptables-1.4/extensions/libipt_connmark.c
branches/iptables/iptables-1.4/extensions/libipt_connrate.c
branches/iptables/iptables-1.4/extensions/libipt_conntrack.c
branches/iptables/iptables-1.4/extensions/libipt_dccp.c
branches/iptables/iptables-1.4/extensions/libipt_dscp.c
branches/iptables/iptables-1.4/extensions/libipt_dstlimit.c
branches/iptables/iptables-1.4/extensions/libipt_ecn.c
branches/iptables/iptables-1.4/extensions/libipt_esp.c
branches/iptables/iptables-1.4/extensions/libipt_fuzzy.c
branches/iptables/iptables-1.4/extensions/libipt_hashlimit.c
branches/iptables/iptables-1.4/extensions/libipt_helper.c
branches/iptables/iptables-1.4/extensions/libipt_icmp.c
branches/iptables/iptables-1.4/extensions/libipt_iprange.c
branches/iptables/iptables-1.4/extensions/libipt_ipv4options.c
branches/iptables/iptables-1.4/extensions/libipt_length.c
branches/iptables/iptables-1.4/extensions/libipt_limit.c
branches/iptables/iptables-1.4/extensions/libipt_mac.c
branches/iptables/iptables-1.4/extensions/libipt_mark.c
branches/iptables/iptables-1.4/extensions/libipt_mport.c
branches/iptables/iptables-1.4/extensions/libipt_multiport.c
branches/iptables/iptables-1.4/extensions/libipt_nth.c
branches/iptables/iptables-1.4/extensions/libipt_osf.c
branches/iptables/iptables-1.4/extensions/libipt_owner.c
branches/iptables/iptables-1.4/extensions/libipt_physdev.c
branches/iptables/iptables-1.4/extensions/libipt_pkttype.c
branches/iptables/iptables-1.4/extensions/libipt_policy.c
branches/iptables/iptables-1.4/extensions/libipt_pool.c
branches/iptables/iptables-1.4/extensions/libipt_psd.c
branches/iptables/iptables-1.4/extensions/libipt_realm.c
branches/iptables/iptables-1.4/extensions/libipt_rpc.c
branches/iptables/iptables-1.4/extensions/libipt_sctp.c
branches/iptables/iptables-1.4/extensions/libipt_standard.c
branches/iptables/iptables-1.4/extensions/libipt_state.c
branches/iptables/iptables-1.4/extensions/libipt_tcp.c
branches/iptables/iptables-1.4/extensions/libipt_tcpmss.c
branches/iptables/iptables-1.4/extensions/libipt_time.c
branches/iptables/iptables-1.4/extensions/libipt_tos.c
branches/iptables/iptables-1.4/extensions/libipt_ttl.c
branches/iptables/iptables-1.4/extensions/libipt_u32.c
branches/iptables/iptables-1.4/extensions/libipt_udp.c
branches/iptables/iptables-1.4/extensions/libipt_unclean.c
branches/iptables/iptables-1.4/include/ip6tables.h
branches/iptables/iptables-1.4/include/iptables.h
branches/iptables/iptables-1.4/include/iptables_common.h
branches/iptables/iptables-1.4/include/libiptc/libip6tc.h
branches/iptables/iptables-1.4/include/libiptc/libiptc.h
branches/iptables/iptables-1.4/ip6tables.c
branches/iptables/iptables-1.4/iptables.c
branches/iptables/iptables-1.4/libiptc/libip4tc.c
branches/iptables/iptables-1.4/libiptc/libip6tc.c
branches/iptables/iptables-1.4/libiptc/libiptc.c
Log:
first steps towards x_tables generalization (not compiling, don't use it yet)
Modified: branches/iptables/iptables-1.4/Makefile
===================================================================
--- branches/iptables/iptables-1.4/Makefile 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/Makefile 2006-01-23 17:24:41 UTC (rev 6431)
@@ -14,8 +14,8 @@
ifndef KERNEL_DIR
KERNEL_DIR=/usr/src/linux
endif
-IPTABLES_VERSION:=1.3.4
-OLD_IPTABLES_VERSION:=1.3.3
+IPTABLES_VERSION:=1.4.0
+OLD_IPTABLES_VERSION:=1.3.4
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
Modified: branches/iptables/iptables-1.4/extensions/libipt_CLASSIFY.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_CLASSIFY.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_CLASSIFY.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,12 +26,6 @@
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
int string_to_priority(const char *s, unsigned int *p)
{
unsigned int i, j;
@@ -47,11 +41,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_classify_target_info *clinfo
- = (struct ipt_classify_target_info *)(*target)->data;
+ struct ipt_classify_target_info *clinfo = targetinfo;
switch (c) {
case '1':
@@ -87,35 +79,30 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_classify_target_info *clinfo =
- (const struct ipt_classify_target_info *)target->data;
+ const struct ipt_classify_target_info *clinfo = targetinfo;
printf("CLASSIFY set ");
print_class(clinfo->priority, numeric);
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_classify_target_info *clinfo =
- (const struct ipt_classify_target_info *)target->data;
+ const struct ipt_classify_target_info *clinfo = targetinfo;
printf("--set-class %.4x:%.4x ",
TC_H_MAJ(clinfo->priority)>>16, TC_H_MIN(clinfo->priority));
}
-static struct iptables_target classify = {
- .next = NULL,
+static struct xtables_target classify = {
.name = "CLASSIFY",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_classify_target_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_classify_target_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_classify_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_classify_target_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
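Review bot: The comments above `print` and `save` still read "Prints out the targinfo" and "Saves the union ipt_targinfo", but both functions now take an untyped `const void *targetinfo`, and nothing in the hunk says what that pointer refers to. With the explicit cast gone, the only remaining link to `struct ipt_classify_target_info` is the `.size` field in the registration, so a mismatch between the two would compile silently. I would replace the comments with something like `/* targetinfo: the target's payload (what used to be target->data), XT_ALIGN(sizeof(struct ipt_classify_target_info)) bytes */`. The same applies to the `parse` hunk above and to the other extensions converted in this revision.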
Modified: branches/iptables/iptables-1.4/extensions/libipt_CLUSTERIP.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_CLUSTERIP.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_CLUSTERIP.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -55,11 +55,6 @@
};
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
-static void
parse_mac(const char *mac, char *macbuf)
{
unsigned int i = 0;
@@ -85,11 +80,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_clusterip_tgt_info *cipinfo
- = (struct ipt_clusterip_tgt_info *)(*target)->data;
+ struct ipt_clusterip_tgt_info *cipinfo = targetinfo;
switch (c) {
unsigned int num;
@@ -207,12 +200,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_clusterip_tgt_info *cipinfo =
- (const struct ipt_clusterip_tgt_info *)target->data;
+ const struct ipt_clusterip_tgt_info *cipinfo = targetinfo;
if (!cipinfo->flags & CLUSTERIP_FLAG_NEW) {
printf("CLUSTERIP");
@@ -229,10 +219,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_clusterip_tgt_info *cipinfo =
- (const struct ipt_clusterip_tgt_info *)target->data;
+ const struct ipt_clusterip_tgt_info *cipinfo = targetinfo;
/* if this is not a new entry, we don't need to save target
* parameters */
@@ -248,13 +237,12 @@
}
static struct iptables_target clusterip = {
- .next = NULL,
.name = "CLUSTERIP",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_clusterip_tgt_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_clusterip_tgt_info)),
.userspacesize = offsetof(struct ipt_clusterip_tgt_info, config),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
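Review bot: `clusterip` is still declared as `struct iptables_target` (the declaration is an unchanged context line) although the initializer now sets `.pf`. CLASSIFY, CONNMARK, ECN, FTOS, LOG and MASQUERADE were switched to `struct xtables_target` in this same revision. Unless include/iptables.h keeps a compatible alias, which is not visible here, this should read `static struct xtables_target clusterip = {`. The same left-over is in the registration hunks of libipt_DNAT.c, libipt_DSCP.c, libipt_IPMARK.c, libipt_IPV4OPTSSTRIP.c and in both `mark_v0` and `mark_v1` in libipt_MARK.c.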
Modified: branches/iptables/iptables-1.4/extensions/libipt_CONNMARK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_CONNMARK.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_CONNMARK.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -28,13 +28,6 @@
#include <linux/netfilter_ipv4/ip_tables.h>
#include "../include/linux/netfilter_ipv4/ipt_CONNMARK.h"
-#if 0
-struct markinfo {
- struct ipt_entry_target t;
- struct ipt_connmark_target_info mark;
-};
-#endif
-
/* Function which prints out usage message. */
static void
help(void)
@@ -56,21 +49,13 @@
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_connmark_target_info *markinfo
- = (struct ipt_connmark_target_info *)(*target)->data;
+ struct ipt_connmark_target_info *markinfo = targetinfo;
markinfo->mask = 0xffffffffUL;
@@ -144,12 +129,9 @@
/* Prints out the target info. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_connmark_target_info *markinfo =
- (const struct ipt_connmark_target_info *)target->data;
+ const struct ipt_connmark_target_info *markinfo = targetinfo;
switch (markinfo->mode) {
case IPT_CONNMARK_SET:
printf("CONNMARK set ");
@@ -174,10 +156,9 @@
/* Saves the target into in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_connmark_target_info *markinfo =
- (const struct ipt_connmark_target_info *)target->data;
+ const struct ipt_connmark_target_info *markinfo = targetinfo;
switch (markinfo->mode) {
case IPT_CONNMARK_SET:
@@ -200,13 +181,13 @@
}
}
-static struct iptables_target connmark_target = {
+static struct xtables_target connmark_target = {
.name = "CONNMARK",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_connmark_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_connmark_target_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
Modified: branches/iptables/iptables-1.4/extensions/libipt_DNAT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_DNAT.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_DNAT.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -39,7 +39,7 @@
unsigned int size;
/* One rangesize already in struct ipt_natinfo */
- size = IPT_ALIGN(sizeof(*info) + info->mr.rangesize * sizeof(*range));
+ size = XT_ALIGN(sizeof(*info) + info->mr.rangesize * sizeof(*range));
info = realloc(info, size);
if (!info)
@@ -136,10 +136,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_natinfo *info = (void *)*target;
+ struct ipt_natinfo *info = targetinfo;
int portok;
if (entry->ip.proto == IPPROTO_TCP
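Review bot: `struct ipt_natinfo *info = targetinfo;` changes what `info` points at. The old code used `(void *)*target`, the whole target entry, whereas every other extension in this revision took `(*target)->data`; if `targetinfo` is that payload pointer, `info->mr` is now read and written at the wrong offset. The first hunk of this file also shows `info = realloc(info, size)`, and with `struct ipt_entry_target **target` gone `parse` can no longer hand a moved block back to the caller, which would be left holding a stale pointer. DNAT needs either a way to return the reallocated target or a range list kept outside the target payload; `print` and `save` below convert the same way and inherit the offset question. The body of `parse` continues outside the hunk, so how the appended range is stored is not visible here.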
@@ -201,11 +200,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- struct ipt_natinfo *info = (void *)target;
+ const struct ipt_natinfo *info = targetinfo;
unsigned int i = 0;
printf("to:");
@@ -217,9 +214,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- struct ipt_natinfo *info = (void *)target;
+ const struct ipt_natinfo *info = targetinfo;
unsigned int i = 0;
for (i = 0; i < info->mr.rangesize; i++) {
@@ -230,11 +227,11 @@
}
static struct iptables_target dnat = {
- .next = NULL,
.name = "DNAT",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_DSCP.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_DSCP.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_DSCP.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -21,11 +21,6 @@
/* This is evil, but it's my code - HW*/
#include "libipt_dscp_helper.c"
-
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
static void help(void)
{
printf(
@@ -78,11 +73,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_DSCP_info *dinfo
- = (struct ipt_DSCP_info *)(*target)->data;
+ struct ipt_DSCP_info *dinfo = targetinfo;
switch (c) {
case 'F':
@@ -123,34 +116,29 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_DSCP_info *dinfo =
- (const struct ipt_DSCP_info *)target->data;
+ const struct ipt_DSCP_info *dinfo = targetinfo;
printf("DSCP set ");
print_dscp(dinfo->dscp, numeric);
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_DSCP_info *dinfo =
- (const struct ipt_DSCP_info *)target->data;
+ const struct ipt_DSCP_info *dinfo = targetinfo;
printf("--set-dscp 0x%02x ", dinfo->dscp);
}
static struct iptables_target dscp = {
- .next = NULL,
.name = "DSCP",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_DSCP_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_DSCP_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_DSCP_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_DSCP_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
Modified: branches/iptables/iptables-1.4/extensions/libipt_ECN.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ECN.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ECN.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -17,10 +17,6 @@
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_ECN.h>
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
static void help(void)
{
printf(
@@ -47,12 +43,10 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
unsigned int result;
- struct ipt_ECN_info *einfo
- = (struct ipt_ECN_info *)(*target)->data;
+ struct ipt_ECN_info *einfo = targetinfo;
switch (c) {
case 'F':
@@ -114,12 +108,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, void *targetinfo, int numeric)
{
- const struct ipt_ECN_info *einfo =
- (const struct ipt_ECN_info *)target->data;
+ const struct ipt_ECN_info *einfo = targetinfo;
printf("ECN ");
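Review bot: `print` takes `void *targetinfo` here, without the `const` that every other converted `print` in this revision carries. If the `.print` member is declared with `const void *`, the function type will not match. Use `print(const struct ipt_ip *ip, const void *targetinfo, int numeric)`; the local `einfo` is already a pointer to const, so nothing else in the hunk has to change.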
@@ -143,8 +134,7 @@
static void
save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
{
- const struct ipt_ECN_info *einfo =
- (const struct ipt_ECN_info *)target->data;
+ const struct ipt_ECN_info *einfo = targetinfo;
if (einfo->operation == (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)
&& einfo->proto.tcp.ece == 0
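Review bot: `save` now initialises `einfo` from `targetinfo`, but its signature on the context line above is still `save(const struct ipt_ip *ip, const struct ipt_entry_target *target)`, so `targetinfo` is undeclared in this function. The signature needs the same change as in the other extensions: `save(const struct ipt_ip *ip, const void *targetinfo)`. The commit log already says the tree does not compile, but this one is easy to overlook later because the hunk only touches the body. The function continues past the end of the hunk.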
@@ -164,14 +154,13 @@
}
static
-struct iptables_target ecn = {
- .next = NULL,
+struct xtables_target ecn = {
.name = "ECN",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ECN_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ECN_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ECN_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ECN_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
Modified: branches/iptables/iptables-1.4/extensions/libipt_FTOS.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_FTOS.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_FTOS.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -21,10 +21,6 @@
u_int8_t ftos;
};
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
static void help(void)
{
printf(
@@ -54,11 +50,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_FTOS_info *finfo
- = (struct ipt_FTOS_info *)(*target)->data;
+ struct ipt_FTOS_info *finfo = targetinfo;
switch (c) {
case 'F':
@@ -92,34 +86,29 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_FTOS_info *finfo =
- (const struct ipt_FTOS_info *)target->data;
+ const struct ipt_FTOS_info *finfo = targetinfo;
printf("TOS set ");
print_ftos(finfo->ftos, numeric);
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_FTOS_info *finfo =
- (const struct ipt_FTOS_info *)target->data;
+ const struct ipt_FTOS_info *finfo = targetinfo;
printf("--set-ftos 0x%02x ", finfo->ftos);
}
-static struct iptables_target ftos = {
- .next = NULL,
+static struct xtables_target ftos = {
.name = "FTOS",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_FTOS_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_FTOS_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_FTOS_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_FTOS_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
Modified: branches/iptables/iptables-1.4/extensions/libipt_IPMARK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_IPMARK.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_IPMARK.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -45,10 +45,9 @@
/* Initialize the target. */
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
{
- struct ipt_ipmark_target_info *ipmarkinfo =
- (struct ipt_ipmark_target_info *)t->data;
+ struct ipt_ipmark_target_info *ipmarkinfo = targetinfo;
ipmarkinfo->andmask=0xffffffff;
ipmarkinfo->ormask=0;
@@ -59,11 +58,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_ipmark_target_info *ipmarkinfo
- = (struct ipt_ipmark_target_info *)(*target)->data;
+ struct ipt_ipmark_target_info *ipmarkinfo = targetinfo;
switch (c) {
char *end;
@@ -116,12 +113,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_ipmark_target_info *ipmarkinfo =
- (const struct ipt_ipmark_target_info *)target->data;
+ const struct ipt_ipmark_target_info *ipmarkinfo = targetinfo;
if(ipmarkinfo->addr == IPT_IPMARK_SRC)
printf("IPMARK src");
@@ -132,10 +126,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_ipmark_target_info *ipmarkinfo =
- (const struct ipt_ipmark_target_info *)target->data;
+ const struct ipt_ipmark_target_info *ipmarkinfo = targetinfo;
if(ipmarkinfo->addr == IPT_IPMARK_SRC)
printf("--addr=src ");
@@ -148,11 +141,11 @@
}
static struct iptables_target ipmark = {
- .next = NULL,
.name = "IPMARK",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ipmark_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ipmark_target_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_IPV4OPTSSTRIP.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_IPV4OPTSSTRIP.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_IPV4OPTSSTRIP.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -27,8 +27,7 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
return 0;
}
@@ -40,26 +39,24 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
/* nothing to print, we don't take option... */
}
/* Saves the stuff in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
/* nothing to print, we don't take option... */
}
static struct iptables_target IPV4OPTSSTRIP = {
- .next = NULL,
.name = "IPV4OPTSSTRIP",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(0),
- .userspacesize = IPT_ALIGN(0),
+ .pf = PF_INET,
+ .size = XT_ALIGN(0),
+ .userspacesize = XT_ALIGN(0),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_LOG.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_LOG.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_LOG.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -110,10 +110,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_log_info *loginfo = (struct ipt_log_info *)(*target)->data;
+ struct ipt_log_info *loginfo = targetinfo;
switch (c) {
case '!':
@@ -202,12 +201,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_log_info *loginfo
- = (const struct ipt_log_info *)target->data;
+ const struct ipt_log_info *loginfo = targetinfo;
unsigned int i = 0;
printf("LOG ");
@@ -243,10 +239,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_log_info *loginfo
- = (const struct ipt_log_info *)target->data;
+ const struct ipt_log_info *loginfo = targetinfo;
if (strcmp(loginfo->prefix, "") != 0)
printf("--log-prefix \"%s\" ", loginfo->prefix);
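Review bot: `printf("--log-prefix \"%s\" ", loginfo->prefix);` writes the prefix between double quotes without escaping it, so a prefix that itself contains `"` or `\` yields a saved line that does not parse back into the rule that was loaded. Because `save` output is later fed back in as rule input, the prefix should go through a small quoting helper that backslash-escapes those two characters before printing. The call also assumes `prefix` is NUL-terminated inside the payload, which the visible lines do not establish. If `prefix` is a fixed-size array, bounding the print with `%.*s` and `(int)sizeof(loginfo->prefix)` would remove that assumption.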
@@ -264,13 +259,13 @@
printf("--log-uid ");
}
-static
-struct iptables_target log
+static struct xtables_target log
= {
.name = "LOG",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_log_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_log_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_log_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_log_info)),
.help = &help,
.init = &init,
.parse = &parse,
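Review bot: `.init = &init` stays in the registration, yet none of the hunks for this file touches `init`, so it presumably still has the old `init(struct ipt_entry_target *t, unsigned int *nfcache)` signature. IPMARK and MASQUERADE were converted to `init(void *targetinfo, unsigned int *nfcache)` in this revision. If the caller now passes the payload pointer, an unconverted `init` that writes through `t->data` would store its defaults beyond the intended offset in the payload. Please convert it in the same commit, with `struct ipt_log_info *loginfo = targetinfo;` as its first line.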
Modified: branches/iptables/iptables-1.4/extensions/libipt_MARK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_MARK.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_MARK.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -29,21 +29,13 @@
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_mark_target_info *markinfo
- = (struct ipt_mark_target_info *)(*target)->data;
+ struct ipt_mark_target_info *markinfo = targetinfo;
switch (c) {
case '1':
@@ -86,11 +78,9 @@
ate an option */
static int
parse_v1(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_mark_target_info_v1 *markinfo
- = (struct ipt_mark_target_info_v1 *)(*target)->data;
+ struct ipt_mark_target_info_v1 *markinfo = targetinfo;
switch (c) {
case '1':
@@ -137,22 +127,18 @@
/* Prints out the targinfo. */
static void
-print_v0(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print_v0(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_mark_target_info *markinfo =
- (const struct ipt_mark_target_info *)target->data;
+ const struct ipt_mark_target_info *markinfo = targetinfo;
printf("MARK set ");
print_mark(markinfo->mark);
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save_v0(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save_v0(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_mark_target_info *markinfo =
- (const struct ipt_mark_target_info *)target->data;
+ const struct ipt_mark_target_info *markinfo = targetinfo;
printf("--set-mark ");
print_mark(markinfo->mark);
@@ -160,12 +146,9 @@
/* Prints out the targinfo. */
static void
-print_v1(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print_v1(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_mark_target_info_v1 *markinfo =
- (const struct ipt_mark_target_info_v1 *)target->data;
+ const struct ipt_mark_target_info_v1 *markinfo = targetinfo;
switch (markinfo->mode) {
case IPT_MARK_SET:
@@ -183,10 +166,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save_v1(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save_v1(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_mark_target_info_v1 *markinfo =
- (const struct ipt_mark_target_info_v1 *)target->data;
+ const struct ipt_mark_target_info_v1 *markinfo = targetinfo;
switch (markinfo->mode) {
case IPT_MARK_SET:
@@ -204,14 +186,13 @@
static
struct iptables_target mark_v0 = {
- .next = NULL,
.name = "MARK",
.version = IPTABLES_VERSION,
+ .pf = PF_UNSPEC,
.revision = 0,
- .size = IPT_ALIGN(sizeof(struct ipt_mark_target_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_mark_target_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_mark_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_mark_target_info)),
.help = &help,
- .init = &init,
.parse = &parse_v0,
.final_check = &final_check,
.print = &print_v0,
@@ -221,14 +202,13 @@
static
struct iptables_target mark_v1 = {
- .next = NULL,
.name = "MARK",
.version = IPTABLES_VERSION,
+ .pf = PF_UNSPEC,
.revision = 1,
- .size = IPT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
+ .size = XT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
.help = &help,
- .init = &init,
.parse = &parse_v1,
.final_check = &final_check,
.print = &print_v1,
Modified: branches/iptables/iptables-1.4/extensions/libipt_MASQUERADE.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_MASQUERADE.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_MASQUERADE.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,13 +26,12 @@
/* Initialize the target. */
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct ip_nat_multi_range *mr = targetinfo;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
-
}
/* Parses ports */
@@ -73,12 +72,10 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
int portok;
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct ip_nat_multi_range *mr = targetinfo;
if (entry->ip.proto == IPPROTO_TCP
|| entry->ip.proto == IPPROTO_UDP
@@ -112,12 +109,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
+ struct ip_nat_multi_range *mr = targetinfo;
struct ip_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
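Review bot: `struct ip_nat_multi_range *mr = targetinfo;` in `print` initialises a non-const pointer from the new `const void *targetinfo`, which drops the qualifier that the removed explicit cast used to hide. These callbacks only read the rule data, so keeping it const lets the compiler reject accidental writes: `const struct ip_nat_multi_range *mr = targetinfo;` and `const struct ip_nat_range *r = &mr->range[0];`. The same pattern appears in `save` in this file, in `print`/`save` of libipt_REDIRECT.c and libipt_POOL.c, and in `print` of libipt_SET.c. In `print` of libipt_NETMAP.c and `save` of libipt_SAME.c, `mr` is const but the derived `r` is not. The function bodies continue outside these hunks.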
@@ -131,10 +125,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
+ struct ip_nat_multi_range *mr = targetinfo;
struct ip_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
@@ -145,11 +138,12 @@
}
}
-static struct iptables_target masq = { NULL,
+static struct xtables_target masq = {
.name = "MASQUERADE",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_MIRROR.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_MIRROR.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_MIRROR.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -20,18 +20,11 @@
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
return 0;
}
@@ -42,13 +35,12 @@
}
static struct iptables_target mirror = {
- .next = NULL,
.name = "MIRROR",
.version = IPTABLES_VERSION,
+ .pf = PF_INET,
.size = IPT_ALIGN(0),
.userspacesize = IPT_ALIGN(0),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = NULL,
Modified: branches/iptables/iptables-1.4/extensions/libipt_NETLINK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_NETLINK.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_NETLINK.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,20 +26,18 @@
{0}
};
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
+static void init(void *targetinfo, unsigned int *nfcache)
{
- struct ipt_nldata *nld = (struct ipt_nldata *) t->data;
+ struct ipt_nldata *nld = targetinfo;
nld->flags=0;
-
}
/* Parse command options */
static int parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_nldata *nld=(struct ipt_nldata *)(*target)->data;
+ struct ipt_nldata *nld = targetinfo;
switch (c) {
case 'd':
@@ -101,11 +99,9 @@
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip,
- const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_nldata *nld
- = (const struct ipt_nldata *) target->data;
+ const struct ipt_nldata *nld = targetinfo;
if ( MASK(nld->flags, USE_DROP) )
printf("--nldrop ");
@@ -119,11 +115,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target, int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_nldata *nld
- = (const struct ipt_nldata *) target->data;
+ const struct ipt_nldata *nld = targetinfo;
if ( MASK(nld->flags, USE_DROP) )
printf("nldrop ");
@@ -135,12 +129,12 @@
printf("nlsize %i ", nld->size);
}
-static struct iptables_target netlink = {
- .next = NULL,
+static struct xtables_target netlink = {
.name = "NETLINK",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_nldata)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_nldata)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_nldata)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_nldata)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_NETMAP.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_NETMAP.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_NETMAP.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -56,13 +56,12 @@
/* Initialize the target. */
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct ip_nat_multi_range *mr = targetinfo;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
-
}
/* Parses network address */
@@ -118,11 +117,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct ip_nat_multi_range *mr = targetinfo;
switch (c) {
case '1':
@@ -149,12 +146,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
+ const struct ip_nat_multi_range *mr = targetinfo;
struct ip_nat_range *r = &mr->range[0];
struct in_addr a;
int bits;
@@ -171,18 +165,18 @@
/* Saves the targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *target)
{
printf("--%s ", opts[0].name);
print(ip, target, 0);
}
-static struct iptables_target target_module = {
- .next = NULL,
+static struct xtables_target target_module = {
.name = MODULENAME,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = &help,
.init = &init,
.parse = &parse,
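Review bot: `save` names its new parameter `target`, while every other converted callback in this commit uses `targetinfo`. The old name suggests a `struct ipt_entry_target`, which it no longer is; `save(const struct ipt_ip *ip, const void *targetinfo)` with `print(ip, targetinfo, 0);` would keep the files consistent. The struct initializer in this hunk continues past the last line shown.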
Modified: branches/iptables/iptables-1.4/extensions/libipt_NFQUEUE.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_NFQUEUE.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_NFQUEUE.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -14,10 +14,6 @@
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
static void help(void)
{
printf(
@@ -47,11 +43,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_NFQ_info *tinfo
- = (struct ipt_NFQ_info *)(*target)->data;
+ struct ipt_NFQ_info *tinfo = targetinfo;
switch (c) {
case 'F':
@@ -74,33 +68,28 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_NFQ_info *tinfo =
- (const struct ipt_NFQ_info *)target->data;
+ const struct ipt_NFQ_info *tinfo = targetinfo;
printf("NFQUEUE num %u", tinfo->queuenum);
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_NFQ_info *tinfo =
- (const struct ipt_NFQ_info *)target->data;
+ const struct ipt_NFQ_info *tinfo = targetinfo;
printf("--queue-num %u ", tinfo->queuenum);
}
-static struct iptables_target nfqueue = {
- .next = NULL,
+static struct xtables_target nfqueue = {
.name = "NFQUEUE",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_NFQ_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_NFQ_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_NFQ_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_NFQ_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
Modified: branches/iptables/iptables-1.4/extensions/libipt_NOTRACK.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_NOTRACK.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_NOTRACK.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -20,18 +20,11 @@
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
return 0;
}
@@ -42,14 +35,13 @@
}
static
-struct iptables_target notrack
-= { .next = NULL,
+struct xtables_target notrack = {
.name = "NOTRACK",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(0),
- .userspacesize = IPT_ALIGN(0),
+ .pf = PF_INET,
+ .size = XT_ALIGN(0),
+ .userspacesize = XT_ALIGN(0),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = NULL, /* print */
Modified: branches/iptables/iptables-1.4/extensions/libipt_POOL.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_POOL.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_POOL.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -44,9 +44,9 @@
/* Initialize the target. */
static void
-init(struct ipt_entry_target *target, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
{
- struct ipt_pool_info *ipi = (struct ipt_pool_info *) target->data;
+ struct ipt_pool_info *ipi = targetinfo;
ipi->src = ipi->dst = IP_POOL_NONE;
ipi->flags = 0;
@@ -57,10 +57,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_pool_info *ipi = (struct ipt_pool_info *) (*target)->data;
+ struct ipt_pool_info *ipi = targetinfo;
switch (c) {
case '1': /* --add-srcip <pool> */
ipi->src = ip_pool_get_index(optarg);
@@ -91,12 +90,10 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
char buf[256];
- struct ipt_pool_info *ipi = (struct ipt_pool_info *) target->data;
+ struct ipt_pool_info *ipi = targetinfo;
printf("POOL");
if (ipi->src != IP_POOL_NONE) {
@@ -113,10 +110,10 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
char buf[256];
- struct ipt_pool_info *ipi = (struct ipt_pool_info *) target->data;
+ struct ipt_pool_info *ipi = targetinfo;
printf("-j POOL");
if (ipi->src != IP_POOL_NONE) {
@@ -131,12 +128,12 @@
}
}
-static struct iptables_target ipt_pool_target = {
- .next = NULL,
+static struct xtables_target ipt_pool_target = {
.name = "POOL",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_pool_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_pool_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_pool_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_pool_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_REDIRECT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_REDIRECT.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_REDIRECT.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,13 +26,12 @@
/* Initialize the target. */
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo *t, unsigned int *nfcache)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct ip_nat_multi_range *mr = targetinfo;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
-
}
/* Parses ports */
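Review bot: The new signature `init(void *targetinfo *t, unsigned int *nfcache)` is not valid C, because the old parameter name `*t` was left behind; it should be `init(void *targetinfo, unsigned int *nfcache)`. This file section also has no hunk for the target registration struct, so unlike libipt_MASQUERADE.c it presumably keeps its old struct type and `IPT_ALIGN` sizes and gets no `.pf`. That is worth checking against the struct definition in the new xtables.h, which is not visible here.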
@@ -73,11 +72,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct ip_nat_multi_range *mr = targetinfo;
int portok;
if (entry->ip.proto == IPPROTO_TCP
@@ -112,12 +109,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
+ struct ip_nat_multi_range *mr = targetinfo;
struct ip_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
@@ -131,10 +125,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
+ struct ip_nat_multi_range *mr = targetinfo;
struct ip_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
Modified: branches/iptables/iptables-1.4/extensions/libipt_REJECT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_REJECT.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_REJECT.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -87,9 +87,9 @@
/* Allocate and initialize the target. */
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
{
- struct ipt_reject_info *reject = (struct ipt_reject_info *)t->data;
+ struct ipt_reject_info *reject = targetinfo;
/* default */
reject->with = IPT_ICMP_PORT_UNREACHABLE;
@@ -100,10 +100,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_reject_info *reject = (struct ipt_reject_info *)(*target)->data;
+ struct ipt_reject_info *reject = targetinfo;
unsigned int limit = sizeof(reject_table)/sizeof(struct reject_names);
unsigned int i;
@@ -139,12 +138,9 @@
/* Prints out ipt_reject_info. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_reject_info *reject
- = (const struct ipt_reject_info *)target->data;
+ const struct ipt_reject_info *reject = targetinfo;
unsigned int i;
for (i = 0; i < sizeof(reject_table)/sizeof(struct reject_names); i++) {
@@ -155,10 +151,9 @@
}
/* Saves ipt_reject in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_reject_info *reject
- = (const struct ipt_reject_info *)target->data;
+ const struct ipt_reject_info *reject = targetinfo;
unsigned int i;
for (i = 0; i < sizeof(reject_table)/sizeof(struct reject_names); i++)
@@ -168,12 +163,12 @@
printf("--reject-with %s ", reject_table[i].name);
}
-static struct iptables_target reject = {
- .next = NULL,
+static struct xtables_target reject = {
.name = "REJECT",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_reject_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_reject_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_reject_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_reject_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_ROUTE.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ROUTE.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ROUTE.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -49,10 +49,9 @@
/* Initialize the target. */
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
{
- struct ipt_route_target_info *route_info =
- (struct ipt_route_target_info*)t->data;
+ struct ipt_route_target_info *route_info = targetinfo;
route_info->oif[0] = '\0';
route_info->iif[0] = '\0';
@@ -71,11 +70,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_route_target_info *route_info =
- (struct ipt_route_target_info*)(*target)->data;
+ struct ipt_route_target_info *route_info = targetinfo;
switch (c) {
case '1':
@@ -189,12 +186,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_route_target_info *route_info
- = (const struct ipt_route_target_info *)target->data;
+ const struct ipt_route_target_info *route_info = targetinfo;
printf("ROUTE ");
@@ -218,11 +212,9 @@
}
-static void save(const struct ipt_ip *ip,
- const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_route_target_info *route_info
- = (const struct ipt_route_target_info *)target->data;
+ const struct ipt_route_target_info *route_info = targetinf;
if (route_info->oif[0])
printf("--oif %s ", route_info->oif);
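Review bot: `route_info` in `save` is initialised from `targetinf`, which is not declared anywhere in the hunk; the parameter is `targetinfo`, so this will not compile. The line should read `const struct ipt_route_target_info *route_info = targetinfo;`. The rest of `save` lies outside the hunk.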
@@ -243,12 +235,12 @@
}
-static struct iptables_target route = {
- .next = NULL,
+static struct xtables_target route = {
.name = "ROUTE",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_route_target_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_route_target_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_route_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_route_target_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_SAME.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_SAME.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_SAME.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -34,9 +34,9 @@
/* Initialize the target. */
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *targetinfo, unsigned int *nfcache)
{
- struct ipt_same_info *mr = (struct ipt_same_info *)t->data;
+ struct ipt_same_info *mr = targetinfo;
/* Set default to 0 */
mr->rangesize = 0;
@@ -84,11 +84,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_same_info *mr
- = (struct ipt_same_info *)(*target)->data;
+ struct ipt_same_info *mr = targetinfo;
switch (c) {
case '1':
@@ -132,13 +130,10 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
int count;
- struct ipt_same_info *mr
- = (struct ipt_same_info *)target->data;
+ const struct ipt_same_info *mr = targetinfo;
printf("same:");
@@ -163,11 +158,10 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
int count;
- struct ipt_same_info *mr
- = (struct ipt_same_info *)target->data;
+ const struct ipt_same_info *mr = targetinfo;
for (count = 0; count < mr->rangesize; count++) {
struct ip_nat_range *r = &mr->range[count];
@@ -187,12 +181,12 @@
printf("--nodst ");
}
-static struct iptables_target same = {
- .next = NULL,
+static struct xtables_target same = {
.name = "SAME",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_same_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_same_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_same_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_same_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_SET.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_SET.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_SET.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -42,10 +42,9 @@
};
/* Initialize the target. */
-static void init(struct ipt_entry_target *target, unsigned int *nfcache)
+static void init(void *targetinfo, unsigned int *nfcache)
{
- struct ipt_set_info_target *info =
- (struct ipt_set_info_target *) target->data;
+ struct ipt_set_info_target *info = targetinfo;
memset(info, 0, sizeof(struct ipt_set_info_target));
info->add_set.index =
@@ -86,10 +85,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry, struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_set_info_target *myinfo =
- (struct ipt_set_info_target *) (*target)->data;
+ struct ipt_set_info_target *myinfo = targetinfo;
switch (c) {
case '1': /* --add-set <set> <flags> */
@@ -137,11 +135,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target, int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- struct ipt_set_info_target *info =
- (struct ipt_set_info_target *) target->data;
+ struct ipt_set_info_target *info = targetinfo;
print_target("add-set", &info->add_set);
print_target("del-set", &info->del_set);
@@ -149,22 +145,22 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- struct ipt_set_info_target *info =
- (struct ipt_set_info_target *) target->data;
+ const struct ipt_set_info_target *info = targetinfo;
print_target("--add-set", &info->add_set);
print_target("--del-set", &info->del_set);
}
static
-struct iptables_target ipt_set_target
+struct xtables_target ipt_set_target
= {
.name = "SET",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_set_info_target)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_set_info_target)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_set_info_target)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_set_info_target)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_SNAT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_SNAT.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_SNAT.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -136,10 +136,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_natinfo *info = (void *)*target;
+ struct ipt_natinfo *info = targetinfo;
int portok;
if (entry->ip.proto == IPPROTO_TCP
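Review bot: `struct ipt_natinfo *info = targetinfo;` changes what `info` points at: the removed line was `(void *)*target`, i.e. the entry target itself, whereas every other module in this commit maps `targetinfo` to the old `target->data`. If the caller passes the data pointer here too, and `struct ipt_natinfo` (defined outside this hunk) still begins with the entry-target header, then `info->mr` is shifted by the header size. `parse`, `print` and `save` would then access memory beyond the `XT_ALIGN(sizeof(struct ip_nat_multi_range))` bytes registered in `.size`, for example `info->mr.rangesize` in the `save` loop. Either take the payload directly with `struct ip_nat_multi_range *mr = targetinfo;` or document that this module receives the whole target. The bodies of all three functions continue outside their hunks, so how `parse` grows the range list could not be checked.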
@@ -201,11 +200,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- struct ipt_natinfo *info = (void *)target;
+ const struct ipt_natinfo *info = targetinfo;
unsigned int i = 0;
printf("to:");
@@ -217,9 +214,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- struct ipt_natinfo *info = (void *)target;
+ const struct ipt_natinfo *info = targetinfo;
unsigned int i = 0;
for (i = 0; i < info->mr.rangesize; i++) {
@@ -229,12 +226,12 @@
}
}
-static struct iptables_target snat = {
- .next = NULL,
+static struct xtables_target snat = {
.name = "SNAT",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_TARPIT.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TARPIT.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TARPIT.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -17,8 +17,7 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
return 0;
}
@@ -28,22 +27,20 @@
}
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
}
-static void save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
{
}
-static struct iptables_target tarpit = {
- .next = NULL,
+static struct xtables_target tarpit = {
.name = "TARPIT",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(0),
- .userspacesize = IPT_ALIGN(0),
+ .pf = PF_INET,
+ .size = XT_ALIGN(0),
+ .userspacesize = XT_ALIGN(0),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_TCPLAG.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TCPLAG.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TCPLAG.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -71,9 +71,9 @@
* Probably we could fiddle with t->tflags too but there is
* no great advantage in doing so.
*/
-static void init( struct ipt_entry_target *t, unsigned int *nfcache )
+static void init( void *targetinfo, unsigned int *nfcache )
{
- struct ipt_tcplag *el = (struct ipt_tcplag *)t->data;
+ struct ipt_tcplag *el = targetinfo;
memset( el, 0, sizeof( struct ipt_tcplag ));
el->level = 4; /* Default to warning level */
strcpy( el->prefix, "TCPLAG:" ); /* Give a reasonable default prefix */
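Review bot: The comment above `init` still says "we could fiddle with t->tflags", but the parameter `t` is gone and `targetinfo` appears to carry only the payload, so the entry-target fields are no longer reachable from this function. I would reword it along the lines of `/* Only the target payload is passed in; entry-target header fields are not accessible here. */`. The comment above `print` ("safe to presume target is correctly initialised") has the same stale reference to `target`.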
@@ -111,9 +111,9 @@
* (this has already been malloced for us).
*/
static int parse( int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry, struct ipt_entry_target **target )
+ const struct ipt_entry *entry, void *targetinfo )
{
- struct ipt_tcplag *el = (struct ipt_tcplag *)( *target )->data;
+ struct ipt_tcplag *el = targetinfo;
/*
* Yeah, we could complain about options being issued twice but
* is it really worth the trouble? Will it make the world a better place?
@@ -158,9 +158,9 @@
* but coding of the various libipt_XX.c modules suggests
* that it is safe to presume target is correctly initialised.
*/
-static void print(const struct ipt_ip *ip, const struct ipt_entry_target *target, int numeric)
+static void print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_tcplag *el = (const struct ipt_tcplag *)target->data;
+ const struct ipt_tcplag *el = targetinfo;
printf("TCPLAG <%d>", el->level );
if( el->prefix[ 0 ])
{
@@ -172,9 +172,9 @@
* As above but command-line style printout
* (machine-readable for restoring table)
*/
-static void save( const struct ipt_ip *ip, const struct ipt_entry_target *target )
+static void save( const struct ipt_ip *ip, const void *targetinfo )
{
- const struct ipt_tcplag *el = (const struct ipt_tcplag *)target->data;
+ const struct ipt_tcplag *el = targetinfo;
printf("TCPLAG --log-level=%d", el->level );
if( el->prefix[ 0 ])
{
@@ -193,11 +193,11 @@
*/
static struct iptables_target targ =
{
-next: 0,
name: "TCPLAG",
version: IPTABLES_VERSION,
-size: IPT_ALIGN( sizeof( struct ipt_tcplag )),
-userspacesize: IPT_ALIGN( sizeof( struct ipt_tcplag )),
+pf: PF_INET,
+size: XT_ALIGN( sizeof( struct ipt_tcplag )),
+userspacesize: XT_ALIGN( sizeof( struct ipt_tcplag )),
help: &help,
init: &init,
parse: &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_TCPMSS.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TCPMSS.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TCPMSS.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -33,21 +33,13 @@
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_tcpmss_info *mssinfo
- = (struct ipt_tcpmss_info *)(*target)->data;
+ struct ipt_tcpmss_info *mssinfo = targetinfo;
switch (c) {
unsigned int mssval;
@@ -88,12 +80,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_tcpmss_info *mssinfo =
- (const struct ipt_tcpmss_info *)target->data;
+ const struct ipt_tcpmss_info *mssinfo = targetinfo;
if(mssinfo->mss == IPT_TCPMSS_CLAMP_PMTU)
printf("TCPMSS clamp to PMTU ");
else
@@ -102,10 +91,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_tcpmss_info *mssinfo =
- (const struct ipt_tcpmss_info *)target->data;
+ const struct ipt_tcpmss_info *mssinfo = targetinfo;
if(mssinfo->mss == IPT_TCPMSS_CLAMP_PMTU)
printf("--clamp-mss-to-pmtu ");
@@ -113,14 +101,13 @@
printf("--set-mss %u ", mssinfo->mss);
}
-static struct iptables_target mss = {
- .next = NULL,
+static struct xtables_target mss = {
.name = "TCPMSS",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_tcpmss_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_tcpmss_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_tcpmss_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_tcpmss_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
Modified: branches/iptables/iptables-1.4/extensions/libipt_TOS.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TOS.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TOS.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -52,13 +52,7 @@
{ 0 }
};
-/* Initialize the target. */
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
-static void
parse_tos(const char *s, struct ipt_tos_target_info *info)
{
unsigned int i, tos;
@@ -86,11 +80,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_tos_target_info *tosinfo
- = (struct ipt_tos_target_info *)(*target)->data;
+ struct ipt_tos_target_info *tosinfo = targetinfo;
switch (c) {
case '1':
@@ -133,34 +125,29 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target,
- int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_tos_target_info *tosinfo =
- (const struct ipt_tos_target_info *)target->data;
+ const struct ipt_tos_target_info *tosinfo = targetinfo;
printf("TOS set ");
print_tos(tosinfo->tos, numeric);
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_tos_target_info *tosinfo =
- (const struct ipt_tos_target_info *)target->data;
+ const struct ipt_tos_target_info *tosinfo = targetinfo;
printf("--set-tos 0x%02x ", tosinfo->tos);
}
static struct iptables_target tos = {
- .next = NULL,
.name = "TOS",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_tos_target_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_tos_target_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_tos_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_tos_target_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
Modified: branches/iptables/iptables-1.4/extensions/libipt_TRACE.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TRACE.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TRACE.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -20,18 +20,11 @@
{ 0 }
};
-/* Initialize the target. */
-static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
return 0;
}
@@ -43,13 +36,13 @@
static
struct iptables_target trace
-= { .next = NULL,
- .name = "TRACE",
+= { .name = "TRACE",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(0),
- .userspacesize = IPT_ALIGN(0),
+ .pf = PF_INET,
+ .size = XT_ALIGN(0),
+ .userspacesize = XT_ALIGN(0),
.help = &help,
- .init = &init,
+ .init = NULL,
.parse = &parse,
.final_check = &final_check,
.print = NULL, /* print */
Modified: branches/iptables/iptables-1.4/extensions/libipt_TTL.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_TTL.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_TTL.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -31,10 +31,9 @@
}
static int parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_TTL_info *info = (struct ipt_TTL_info *) (*target)->data;
+ struct ipt_TTL_info *info = targetinfo;
unsigned int value;
if (*flags & IPT_TTL_USED) {
@@ -96,11 +95,9 @@
"TTL: You must specify an action");
}
-static void save(const struct ipt_ip *ip,
- const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_TTL_info *info =
- (struct ipt_TTL_info *) target->data;
+ const struct ipt_TTL_info *info = targetinfo;
switch (info->mode) {
case IPT_TTL_SET:
@@ -117,11 +114,9 @@
printf("%u ", info->ttl);
}
-static void print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target, int numeric)
+static void print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_TTL_info *info =
- (struct ipt_TTL_info *) target->data;
+ const struct ipt_TTL_info *info = targetinfo;
printf("TTL ");
switch (info->mode) {
@@ -145,12 +140,12 @@
{ 0 }
};
-static struct iptables_target TTL = {
- .next = NULL,
+static struct xtables_target TTL = {
.name = "TTL",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_TTL_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_TTL_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_TTL_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_TTL_info)),
.help = &help,
.init = &init,
.parse = &parse,
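Review bot: `.init = &init` is kept here, but no hunk in this file's section touches `init`, so it presumably still takes `struct ipt_entry_target *t` while the other callbacks now receive a bare `void *targetinfo`. If so, the pointer type no longer matches the new callback signature. Either convert it as libipt_ULOG.c does, `static void init(void *targetinfo, unsigned int *nfcache)`, or drop the member if the function is empty, as done for TCPMSS, TOS and XOR. libipt_connmark.c keeps `.init = &init` the same way without a visible change to its `init`.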
Modified: branches/iptables/iptables-1.4/extensions/libipt_ULOG.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ULOG.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ULOG.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -53,9 +53,9 @@
};
/* Initialize the target. */
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
+static void init(void *targetinfo, unsigned int *nfcache)
{
- struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) t->data;
+ struct ipt_ulog_info *loginfo = targetinfo;
loginfo->nl_group = ULOG_DEFAULT_NLGROUP;
loginfo->qthreshold = ULOG_DEFAULT_QTHRESHOLD;
@@ -70,11 +70,9 @@
/* Function which parses command options; returns true if it
ate an option */
static int parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_ulog_info *loginfo =
- (struct ipt_ulog_info *) (*target)->data;
+ struct ipt_ulog_info *loginfo = targetinfo;
int group_d;
switch (c) {
@@ -156,11 +154,9 @@
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip,
- const struct ipt_entry_target *target)
+static void save(const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_ulog_info *loginfo
- = (const struct ipt_ulog_info *) target->data;
+ const struct ipt_ulog_info *loginfo = targetinfo;
if (strcmp(loginfo->prefix, "") != 0)
printf("--ulog-prefix \"%s\" ", loginfo->prefix);
@@ -186,11 +182,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_target *target, int numeric)
+print(const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_ulog_info *loginfo
- = (const struct ipt_ulog_info *) target->data;
+ const struct ipt_ulog_info *loginfo = targetinfo;
printf("ULOG ");
#ifdef KERNEL_64_USERSPACE_32
@@ -208,12 +202,12 @@
#endif
}
-static struct iptables_target ulog = {
- .next = NULL,
+static struct xtables_target ulog = {
.name = "ULOG",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ulog_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ulog_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ulog_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ulog_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_XOR.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_XOR.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_XOR.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -19,10 +19,6 @@
#define IPT_KEY_SET 1
#define IPT_BLOCKSIZE_SET 2
-static void init(struct ipt_entry_target *t, unsigned int *nfcache)
-{
-}
-
static void help(void)
{
printf(
@@ -33,10 +29,9 @@
}
static int parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *targetinfo)
{
- struct ipt_XOR_info *info = (struct ipt_XOR_info *) (*target)->data;
+ struct ipt_XOR_info *info = targetinfo;
if (!optarg)
exit_error(PARAMETER_PROBLEM, "XOR: too few arguments");
@@ -69,19 +64,17 @@
exit_error(PARAMETER_PROBLEM, "XOR: You must specify a block-size");
}
-static void save (const struct ipt_ip *ip,
- const struct ipt_entry_target *target)
+static void save (const struct ipt_ip *ip, const void *targetinfo)
{
- const struct ipt_XOR_info *info = (struct ipt_XOR_info *) target->data;
+ const struct ipt_XOR_info *info = targetinfo;
printf("--key %s ", info->key);
printf("--block-size %u ", info->block_size);
}
-static void print (const struct ipt_ip *ip,
- const struct ipt_entry_target *target, int numeric)
+static void print (const struct ipt_ip *ip, const void *targetinfo, int numeric)
{
- const struct ipt_XOR_info *info = (struct ipt_XOR_info *) target->data;
+ const struct ipt_XOR_info *info = targetinfo;
printf("key: %s ", info->key);
printf("block-size: %u ", info->block_size);
@@ -93,14 +86,13 @@
{ 0 }
};
-static struct iptables_target XOR = {
- .next = NULL,
+static struct xtables_target XOR = {
.name = "XOR",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_XOR_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_XOR_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_XOR_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_XOR_info)),
.help = &help,
- .init = &init,
.parse = &parse,
.final_check = &final_check,
.print = &print,
Modified: branches/iptables/iptables-1.4/extensions/libipt_account.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_account.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_account.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -46,7 +46,7 @@
};
/* Helper functions for parse_network */
-int parseip(const char *parameter, u_int32_t *ip) {
+static int parseip(const char *parameter, u_int32_t *ip) {
char buffer[16], *bufferptr, *dot;
unsigned int i, shift, part;
@@ -163,10 +163,10 @@
/* Function initializes match */
-static void init(struct ipt_entry_match *match,
+static void init(void *matchinfo,
unsigned int *nfcache) {
- struct t_ipt_account_info *info = (struct t_ipt_account_info *)(match)->data;
+ struct t_ipt_account_info *info = matchinfo;
/* set default table name to DEFAULT */
@@ -181,9 +181,9 @@
unsigned int *flags,
const struct ipt_entry *entry,
unsigned int *nfcache,
- struct ipt_entry_match **match) {
+ void *matchinfo) {
- struct t_ipt_account_info *info = (struct t_ipt_account_info *)(*match)->data;
+ struct t_ipt_account_info *info = matchinfo;
switch (c) {
@@ -219,11 +219,10 @@
}
/* Function used for printing rule with account match for iptables -L */
-static void print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
+static void print(const struct ipt_ip *ip, const void *matchinfo,
int numeric) {
- struct t_ipt_account_info *info = (struct t_ipt_account_info *)match->data;
+ struct t_ipt_account_info *info = matchinfo;
printf("account: ");
printf("network/netmask: ");
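Review bot: `info` is a non-const `struct t_ipt_account_info *` but is now initialized from `const void *matchinfo`, which discards the `const` qualifier; the old explicit cast hid this, and most compilers will now only warn. Declare it `const struct t_ipt_account_info *info = matchinfo;`, as libipt_connbytes.c and libipt_connrate.c do in this commit. The same pattern is in this file's save(), in print() and save() of libipt_connlimit.c and libipt_connmark.c, and in matchinfo_print() of libipt_conntrack.c. The body of print() continues outside the hunk.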
@@ -238,10 +237,9 @@
}
/* Function used for saving rule containing account match */
-static void save(const struct ipt_ip *ip,
- const struct ipt_entry_match *match) {
+static void save(const struct ipt_ip *ip, consg void *matchinfo) {
- struct t_ipt_account_info *info = (struct t_ipt_account_info *)match->data;
+ struct t_ipt_account_info *info = matchinfo;
printf("--aaddr ");
printf("%u.%u.%u.%u/%u.%u.%u.%u ",
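Review bot: The new save() signature contains the typo `consg void *matchinfo`, so this file cannot compile as committed. It should read `static void save(const struct ipt_ip *ip, const void *matchinfo) {`. The body of save() continues outside the hunk.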
@@ -256,10 +254,11 @@
static struct iptables_match account = {
.next = NULL,
+ .pf = AF_INET,
.name = "account",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct t_ipt_account_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct t_ipt_account_info)),
+ .size = XT_ALIGN(sizeof(struct t_ipt_account_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct t_ipt_account_info)),
.help = &help,
.init = &init,
.parse = &parse,
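Review bot: The match structures in this commit set `.pf = AF_INET` while the target structures set `.pf = PF_INET`; the values are normally identical, but one spelling should be used throughout, and `PF_INET` fits a field named `pf`. This initializer also keeps `.next = NULL`, which the commit removes from most other extensions. Suggested lines: `.pf = PF_INET,` and no `.next` line. The initializer continues past the end of the hunk.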
Modified: branches/iptables/iptables-1.4/extensions/libipt_addrtype.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_addrtype.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_addrtype.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -83,10 +83,9 @@
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
- struct ipt_entry_match **match)
+ void *matchinfo)
{
- struct ipt_addrtype_info *info =
- (struct ipt_addrtype_info *) (*match)->data;
+ struct ipt_addrtype_info *info = matchinfo;
switch (c) {
case '1':
@@ -137,12 +136,9 @@
printf(" ");
}
-static void print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_addrtype_info *info =
- (struct ipt_addrtype_info *) match->data;
+ const struct ipt_addrtype_info *info = matchinfo;
printf("ADDRTYPE match ");
if (info->source) {
@@ -159,11 +155,9 @@
}
}
-static void save(const struct ipt_ip *ip,
- const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, void *matchinfo)
{
- const struct ipt_addrtype_info *info =
- (struct ipt_addrtype_info *) match->data;
+ const struct ipt_addrtype_info *info = matchinfo;
if (info->source) {
printf("--src-type ");
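Review bot: The new save() takes `void *matchinfo` without `const`, unlike every other save() converted in this commit. It would then not match the callback type those functions are written against, and it permits writes to data that is only meant to be printed. Use `static void save(const struct ipt_ip *ip, const void *matchinfo)`; the local `info` is already `const`. The body of save() continues outside the hunk.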
@@ -188,10 +182,11 @@
static
struct iptables_match addrtype = {
.next = NULL,
+ .pf = AF_INET,
.name = "addrtype",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_addrtype_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_ah.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ah.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ah.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -68,9 +68,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_ah *ahinfo = (struct ipt_ah *)m->data;
+ struct ipt_ah *ahinfo = matchinfo;
ahinfo->spis[1] = 0xFFFFFFFF;
}
@@ -82,10 +82,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_ah *ahinfo = (struct ipt_ah *)(*match)->data;
+ struct ipt_ah *ahinfo = matchinfo;
switch (c) {
case '1':
@@ -134,10 +133,9 @@
/* Prints out the union ipt_matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_ah *ah = (struct ipt_ah *)match->data;
+ const struct ipt_ah *ah = matchinfo;
printf("ah ");
print_spis("spi", ah->spis[0], ah->spis[1],
@@ -148,9 +146,9 @@
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_ah *ahinfo = (struct ipt_ah *)match->data;
+ const struct ipt_ah *ahinfo = matchinfo;
if (!(ahinfo->spis[0] == 0
&& ahinfo->spis[1] == 0xFFFFFFFF)) {
@@ -168,12 +166,12 @@
}
-static struct iptables_match ah = {
- .next = NULL,
+static struct xtables_match ah = {
.name = "ah",
+ .pf = AF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ah)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ah)),
+ .size = XT_ALIGN(sizeof(struct ipt_ah)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_childlevel.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_childlevel.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_childlevel.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -42,10 +42,9 @@
/* Function which parses command options; returns true if it ate an option */
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
- struct ipt_entry_match **match)
+ void *matchinfo)
{
- struct ipt_childlevel_info *childlevelinfo =
- (struct ipt_childlevel_info *)(*match)->data;
+ struct ipt_childlevel_info *childlevelinfo = matchinfo;
switch (c) {
case '1':
@@ -78,29 +77,29 @@
}
/* Prints out the matchinfo. */
-static void print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
+ const struct ipt_childlevel_info *info = matchinfo;
+
printf("CHILDLEVEL ");
- print_protocol(((struct ipt_childlevel_info *)match->data)->childlevel,
- ((struct ipt_childlevel_info *)match->data)->invert, numeric);
+ print_protocol(info->childlevel, info->invert, numeric);
}
+
/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_childlevel_info *info =
- (const struct ipt_childlevel_info*) match->data;
+ const struct ipt_childlevel_info *info = matchinfo;
printf("--childlevel %s%d ", (info->invert) ? "! ": "", info->childlevel);
}
static struct iptables_match childlevel = {
.name = "childlevel",
+ .pf = AF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_childlevel_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_childlevel_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_childlevel_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_childlevel_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_comment.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_comment.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_comment.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -45,11 +45,10 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ const struct ipt_entry *entry, unsigned int *nfcache,
+ void *matchinfo)
{
- struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)(*match)->data;
+ struct ipt_comment_info *commentinfo = matchinfo;
switch (c) {
case '1':
@@ -79,11 +78,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)match->data;
+ struct ipt_comment_info *commentinfo = matchinfo;
commentinfo->comment[IPT_MAX_COMMENT_LEN-1] = '\0';
printf("/* %s */ ", commentinfo->comment);
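Review bot: print() now receives `const void *matchinfo` but assigns it to a non-const `struct ipt_comment_info *` and then writes `'\0'` into `comment[IPT_MAX_COMMENT_LEN-1]`, modifying data the new interface declares read-only. The forced terminator is a sensible guard against an unterminated string, but it can be kept without mutating the buffer by bounding the read instead. Suggested lines: `const struct ipt_comment_info *commentinfo = matchinfo;` and `printf("/* %.*s */ ", IPT_MAX_COMMENT_LEN - 1, commentinfo->comment);`. save() in the next hunk has the same write and can use the same precision-bounded format.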
@@ -91,9 +88,9 @@
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_comment_info *commentinfo = (struct ipt_comment_info *)match->data;
+ struct ipt_comment_info *commentinfo = matchinfo;
commentinfo->comment[IPT_MAX_COMMENT_LEN-1] = '\0';
printf("--comment \"%s\" ", commentinfo->comment);
@@ -102,9 +99,10 @@
static struct iptables_match comment = {
.next = NULL,
.name = "comment",
+ .pf = AF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_comment_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_comment_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_comment_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_comment_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_condition.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_condition.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_condition.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -27,10 +27,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
- struct ipt_entry_match **match)
+ void *matchinfo)
{
- struct condition_info *info =
- (struct condition_info *) (*match)->data;
+ struct condition_info *info = matchinfo;
if (c == 'X') {
if (*flags)
@@ -64,22 +63,18 @@
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct condition_info *info =
- (const struct condition_info *) match->data;
+ const struct condition_info *info = matchinfo;
printf("condition %s%s ", (info->invert) ? "!" : "", info->name);
}
static void
-save(const struct ipt_ip *ip,
- const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct condition_info *info =
- (const struct condition_info *) match->data;
+ const struct condition_info *info = matchinfo;
printf("--condition %s\"%s\" ", (info->invert) ? "! " : "", info->name);
}
@@ -88,8 +83,9 @@
static struct iptables_match condition = {
.name = "condition",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct condition_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct condition_info)),
+ .pf = AF_INET,
+ .size = XT_ALIGN(sizeof(struct condition_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct condition_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_connbytes.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_connbytes.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_connbytes.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -49,11 +49,9 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ const struct ipt_entry *entry, unsigned int *nfcache, void *matchinfo)
{
- struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)(*match)->data;
+ struct ipt_connbytes_info *sinfo = matchinfo;
unsigned long i;
switch (c) {
@@ -146,11 +144,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
+ const struct ipt_connbytes_info *sinfo = matchinfo;
if (sinfo->count.from > sinfo->count.to)
printf("connbytes ! %llu:%llu ", sinfo->count.to,
@@ -167,9 +163,9 @@
}
/* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
+ const struct ipt_connbytes_info *sinfo = matchinfo;
if (sinfo->count.from > sinfo->count.to)
printf("! --connbytes %llu:%llu ", sinfo->count.to,
@@ -185,9 +181,10 @@
print_direction(sinfo);
}
-static struct iptables_match state = {
+static struct iptables_match connbytes = {
.next = NULL,
.name = "connbytes",
+ .pf = AF_INET,
.version = IPTABLES_VERSION,
.size = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
.userspacesize = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
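Review bot: `.size` and `.userspacesize` still use `IPT_ALIGN` here, although the hunk adds `.pf` and the other converted extensions move both fields to `XT_ALIGN`. Whether `IPT_ALIGN` stays defined after the header split is not visible from this diff. For consistency use `.size = XT_ALIGN(sizeof(struct ipt_connbytes_info)),` and `.userspacesize = XT_ALIGN(sizeof(struct ipt_connbytes_info)),`. The initializer continues past the end of the hunk.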
@@ -201,5 +198,5 @@
void _init(void)
{
- register_match(&state);
+ register_match(&connbytes);
}
Modified: branches/iptables/iptables-1.4/extensions/libipt_connlimit.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_connlimit.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_connlimit.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -31,10 +31,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)(*match)->data;
+ struct ipt_connlimit_info *info = matchinfo;
int i;
if (0 == (*flags & 2)) {
@@ -94,20 +93,18 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)match->data;
+ struct ipt_connlimit_info *info = matchinfo;
printf("#conn/%d %s %d ", count_bits(info->mask),
info->inverse ? "<" : ">", info->limit);
}
/* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)match->data;
+ struct ipt_connlimit_info *info = matchinfo;
printf("%s--connlimit-above %d ",info->inverse ? "! " : "",info->limit);
printf("--connlimit-mask %d ",count_bits(info->mask));
@@ -115,8 +112,9 @@
static struct iptables_match connlimit = {
.name = "connlimit",
+ .pf = AF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_connlimit_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_connlimit_info)),
.userspacesize = offsetof(struct ipt_connlimit_info,data),
.help = help,
.parse = parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_connmark.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_connmark.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_connmark.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -57,10 +57,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_connmark_info *markinfo = (struct ipt_connmark_info *)(*match)->data;
+ struct ipt_connmark_info *markinfo = matchinfo;
switch (c) {
char *end;
@@ -106,11 +105,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
+ struct ipt_connmark_info *info = matchinfo;
printf("CONNMARK match ");
if (info->invert)
@@ -120,9 +117,9 @@
/* Saves the matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
+ struct ipt_connmark_info *info = matchinfo;
if (info->invert)
printf("! ");
@@ -131,11 +128,12 @@
print_mark(info->mark, info->mask, 0);
}
-static struct iptables_match connmark_match = {
+static struct xtables_match connmark_match = {
.name = "connmark",
+ .pf = AF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_connmark_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_connmark_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_connrate.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_connrate.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_connrate.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -77,10 +77,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_connrate_info *sinfo = (struct ipt_connrate_info *)(*match)->data;
+ struct ipt_connrate_info *sinfo = matchinfo;
u_int32_t tmp;
switch (c) {
@@ -122,7 +121,7 @@
}
static void
-print_range(struct ipt_connrate_info *sinfo)
+print_range(const struct ipt_connrate_info *sinfo)
{
if (sinfo->from > sinfo->to) {
printf("! ");
@@ -138,11 +137,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_connrate_info *sinfo = (struct ipt_connrate_info *)match->data;
+ const struct ipt_connrate_info *sinfo = matchinfo;
printf("connrate ");
print_range(sinfo);
@@ -150,21 +147,22 @@
}
/* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_connrate_info *sinfo = (struct ipt_connrate_info *)match->data;
+ const struct ipt_connrate_info *sinfo = matchinfo;
printf("--connrate ");
print_range(sinfo);
printf(" ");
}
-static struct iptables_match state = {
+static struct xtables_match state = {
.next = NULL,
.name = "connrate",
+ .pf = AF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_connrate_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_connrate_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_connrate_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_connrate_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_conntrack.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_conntrack.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_conntrack.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -187,10 +187,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_conntrack_info *sinfo = (struct ipt_conntrack_info *)(*match)->data;
+ struct ipt_conntrack_info *sinfo = matchinfo;
char *protocol = NULL;
unsigned int naddrs = 0;
struct in_addr *addrs = NULL;
@@ -431,9 +430,10 @@
/* Saves the matchinfo in parsable form to stdout. */
static void
-matchinfo_print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric, const char *optpfx)
+matchinfo_print(const struct ipt_ip *ip, const void *matchinfo,
+ int numeric, const char *optpfx)
{
- struct ipt_conntrack_info *sinfo = (struct ipt_conntrack_info *)match->data;
+ struct ipt_conntrack_info *sinfo = matchinfo;
if(sinfo->flags & IPT_CONNTRACK_STATE) {
printf("%sctstate ", optpfx);
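Review bot: In matchinfo_print, `struct ipt_conntrack_info *sinfo = matchinfo;` drops the const from the new `const void *matchinfo` parameter. The compiler reports this as a discarded qualifier, and it leaves a print/save path able to write into rule data. Declare it `const struct ipt_conntrack_info *sinfo = matchinfo;`, as the connrate and dccp print functions in this commit already do. The same non-const assignment appears in print() of libipt_dstlimit.c and in both print() and save() of libipt_iprange.c, libipt_limit.c and libipt_mark.c. The body of matchinfo_print continues outside this hunk, so confirm nothing further down writes through sinfo before adding the qualifier.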
@@ -517,25 +517,24 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- matchinfo_print(ip, match, numeric, "");
+ matchinfo_print(ip, matchinfo, numeric, "");
}
/* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- matchinfo_print(ip, match, 1, "--");
+ matchinfo_print(ip, matchinfo, 1, "--");
}
static struct iptables_match conntrack = {
.next = NULL,
.name = "conntrack",
+ .pf = AF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_conntrack_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_conntrack_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
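Review bot: The initializer gains `.pf = AF_INET` but is still declared `static struct iptables_match conntrack`, whereas connrate, dstlimit, ecn, esp and the others in this commit were switched to `struct xtables_match`. Unless `iptables_match` is kept as an alias for `xtables_match` in a header not shown here, the type has no `.pf` member and this will not build. Change the declaration to `static struct xtables_match conntrack = {`. The same leftover type name is visible for `struct iptables_match dccp` in libipt_dccp.c and `static struct iptables_match dscp` in libipt_dscp.c. The initializer continues past the end of the hunk.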
Modified: branches/iptables/iptables-1.4/extensions/libipt_dccp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_dccp.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_dccp.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,10 +26,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m,
- unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_dccp_info *einfo = (struct ipt_dccp_info *)m->data;
+ struct ipt_dccp_info *einfo = matchinfo;
memset(einfo, 0, sizeof(struct ipt_dccp_info));
}
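Review bot: init() now clears `sizeof(struct ipt_dccp_info)` bytes through a bare `void *matchinfo`, so it depends entirely on the caller having allocated at least that much, and nothing here states that contract. The old signature at least tied the write to an `ipt_entry_match`. Add a comment above init such as `/* matchinfo: caller-allocated match data, at least XT_ALIGN(sizeof(struct ipt_dccp_info)) bytes */`, and prefer `memset(einfo, 0, sizeof(*einfo));` so the length follows the pointer's type. The allocation site is not visible in this part of the diff, so the size guarantee should be checked against the caller.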
@@ -160,11 +159,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_dccp_info *einfo
- = (struct ipt_dccp_info *)(*match)->data;
+ struct ipt_dccp_info *einfo = matchinfo;
switch (c) {
case '1':
@@ -304,12 +301,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_dccp_info *einfo =
- (const struct ipt_dccp_info *)match->data;
+ const struct ipt_dccp_info *einfo = matchinfo;
printf("dccp ");
@@ -339,11 +333,9 @@
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip,
- const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_dccp_info *einfo =
- (const struct ipt_dccp_info *)match->data;
+ const struct ipt_dccp_info *einfo = matchinfo;
if (einfo->flags & IPT_DCCP_SRC_PORTS) {
if (einfo->invflags & IPT_DCCP_SRC_PORTS)
@@ -381,8 +373,9 @@
struct iptables_match dccp
= { .name = "dccp",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_dccp_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_dccp_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_dccp_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_dccp_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_dscp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_dscp.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_dscp.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -76,11 +76,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_dscp_info *dinfo
- = (struct ipt_dscp_info *)(*match)->data;
+ struct ipt_dscp_info *dinfo = matchinfo;
switch (c) {
case 'F':
@@ -131,22 +129,19 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_dscp_info *dinfo =
- (const struct ipt_dscp_info *)match->data;
+ const struct ipt_dscp_info *dinfo = matchinfo;
+
printf("DSCP match ");
print_dscp(dinfo->dscp, dinfo->invert, numeric);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_dscp_info *dinfo =
- (const struct ipt_dscp_info *)match->data;
+ const struct ipt_dscp_info *dinfo = matchinfo;
printf("--dscp ");
print_dscp(dinfo->dscp, dinfo->invert, 1);
@@ -155,9 +150,10 @@
static struct iptables_match dscp = {
.next = NULL,
.name = "dscp",
+ .pf = PF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_dscp_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_dscp_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_dscp_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_dscp_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_dstlimit.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_dstlimit.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_dstlimit.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -97,9 +97,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_dstlimit_info *r = (struct ipt_dstlimit_info *)m->data;
+ struct ipt_dstlimit_info *r = matchinfo;
r->cfg.burst = IPT_DSTLIMIT_BURST;
r->cfg.gc_interval = IPT_DSTLIMIT_GCINTERVAL;
@@ -121,11 +121,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_dstlimit_info *r =
- (struct ipt_dstlimit_info *)(*match)->data;
+ struct ipt_dstlimit_info *r = matchinfo;
unsigned int num;
switch(c) {
@@ -253,12 +251,10 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
+print(const struct ipt_ip *ip, const void *matchinfo,
int numeric)
{
- struct ipt_dstlimit_info *r =
- (struct ipt_dstlimit_info *)match->data;
+ struct ipt_dstlimit_info *r = matchinfo;
printf("limit: avg "); print_rate(r->cfg.avg);
printf("burst %u ", r->cfg.burst);
switch (r->cfg.mode) {
@@ -286,10 +282,9 @@
}
/* FIXME: Make minimalist: only print rate if not default --RR */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_dstlimit_info *r =
- (struct ipt_dstlimit_info *)match->data;
+ const struct ipt_dstlimit_info *r = matchinfo;
printf("--dstlimit "); print_rate(r->cfg.avg);
if (r->cfg.burst != IPT_DSTLIMIT_BURST)
@@ -318,12 +313,13 @@
printf("--dstlimit-htable-expire %u ", r->cfg.expire);
}
-static struct iptables_match dstlimit = {
+static struct xtables_match dstlimit = {
.next = NULL,
.name = "dstlimit",
+ .pf = PF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_dstlimit_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_dstlimit_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_dstlimit_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_dstlimit_info)),
//offsetof(struct ipt_dstlimit_info, prev),
.help = &help,
.init = &init,
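Review bot: The rewritten `.userspacesize = XT_ALIGN(sizeof(struct ipt_dstlimit_info)),` still sits above the commented-out `//offsetof(struct ipt_dstlimit_info, prev),`, so the reader cannot tell which value is intended. libipt_hashlimit.c and libipt_limit.c in this commit use `offsetof(...)` to exclude trailing fields from the userspace-visible size. If `struct ipt_dstlimit_info` also ends in kernel-only members (its layout is not visible here), the full-size value would include them in whatever the core does with userspacesize. Either switch to the appropriate `offsetof(...)` or delete the dead line and add a short comment saying why the whole struct is userspace-visible. The initializer continues past the end of the hunk.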
Modified: branches/iptables/iptables-1.4/extensions/libipt_ecn.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ecn.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ecn.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -36,12 +36,10 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
unsigned int result;
- struct ipt_ecn_info *einfo
- = (struct ipt_ecn_info *)(*match)->data;
+ struct ipt_ecn_info *einfo = matchinfo;
switch (c) {
case 'F':
@@ -97,12 +95,10 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
+print(const struct ipt_ip *ip, const void *matchinfo,
int numeric)
{
- const struct ipt_ecn_info *einfo =
- (const struct ipt_ecn_info *)match->data;
+ const struct ipt_ecn_info *einfo = matchinfo;
printf("ECN match ");
@@ -127,10 +123,9 @@
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_ecn_info *einfo =
- (const struct ipt_ecn_info *)match->data;
+ const struct ipt_ecn_info *einfo = matchinfo;
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
if (einfo->invert & IPT_ECN_OP_MATCH_ECE)
@@ -152,11 +147,12 @@
}
static
-struct iptables_match ecn
+struct xtables_match ecn
= { .name = "ecn",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ecn_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ecn_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ecn_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_esp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_esp.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_esp.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -68,9 +68,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_esp *espinfo = (struct ipt_esp *)m->data;
+ struct ipt_esp *espinfo = matchinfo;
espinfo->spis[1] = 0xFFFFFFFF;
}
@@ -134,10 +134,9 @@
/* Prints out the union ipt_matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_esp *esp = (struct ipt_esp *)match->data;
+ const struct ipt_esp *esp = matchinfo;
printf("esp ");
print_spis("spi", esp->spis[0], esp->spis[1],
@@ -148,9 +147,9 @@
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_esp *espinfo = (struct ipt_esp *)match->data;
+ const struct ipt_esp *espinfo = matchinfo;
if (!(espinfo->spis[0] == 0
&& espinfo->spis[1] == 0xFFFFFFFF)) {
@@ -168,12 +167,13 @@
}
-static struct iptables_match esp = {
+static struct xtables_match esp = {
.next = NULL,
.name = "esp",
+ .pf = PF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_esp)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_esp)),
+ .size = XT_ALIGN(sizeof(struct ipt_esp)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_esp)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_fuzzy.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_fuzzy.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_fuzzy.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -40,9 +40,9 @@
/* Initialize data structures */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_fuzzy_info *presentinfo = (struct ipt_fuzzy_info *)(m)->data;
+ struct ipt_fuzzy_info *presentinfo = matchinfo;
/*
* Default rates ( I'll improve this very soon with something based
@@ -59,12 +59,10 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
+ struct ipt_fuzzy_info *fuzzyinfo = matchinfo;
-struct ipt_fuzzy_info *fuzzyinfo = (struct ipt_fuzzy_info *)(*match)->data;
-
u_int32_t num;
switch (c) {
@@ -114,12 +112,9 @@
}
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_fuzzy_info *fuzzyinfo
- = (const struct ipt_fuzzy_info *)match->data;
+ const struct ipt_fuzzy_info *fuzzyinfo = matchinfo;
printf(" fuzzy: lower limit = %u pps - upper limit = %u pps ",fuzzyinfo->minimum_rate,fuzzyinfo->maximum_rate);
@@ -127,22 +122,22 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_fuzzy_info *fuzzyinfo
- = (const struct ipt_fuzzy_info *)match->data;
+ const struct ipt_fuzzy_info *fuzzyinfo = matchinfo;
printf("--lower-limit %u ",fuzzyinfo->minimum_rate);
printf("--upper-limit %u ",fuzzyinfo->maximum_rate);
}
-static struct iptables_match fuzzy_match = {
+static struct xtables_match fuzzy_match = {
.next = NULL,
.name = "fuzzy",
+ .pf = PF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_fuzzy_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_fuzzy_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_fuzzy_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_fuzzy_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_hashlimit.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_hashlimit.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_hashlimit.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -96,9 +96,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_hashlimit_info *r = (struct ipt_hashlimit_info *)m->data;
+ struct ipt_hashlimit_info *r = matchinfo;
r->cfg.burst = IPT_HASHLIMIT_BURST;
r->cfg.gc_interval = IPT_HASHLIMIT_GCINTERVAL;
@@ -151,12 +151,10 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ const struct ipt_entry *entry, unsigned int *nfcache,
+ void *matchinfo)
{
- struct ipt_hashlimit_info *r =
- (struct ipt_hashlimit_info *)(*match)->data;
+ struct ipt_hashlimit_info *r = matchinfo;
unsigned int num;
switch(c) {
@@ -304,12 +302,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_hashlimit_info *r =
- (struct ipt_hashlimit_info *)match->data;
+ const struct ipt_hashlimit_info *r = matchinfo;
fputs("limit: avg ", stdout); print_rate(r->cfg.avg);
printf("burst %u ", r->cfg.burst);
fputs("mode ", stdout);
@@ -325,10 +320,9 @@
}
/* FIXME: Make minimalist: only print rate if not default --RR */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_hashlimit_info *r =
- (struct ipt_hashlimit_info *)match->data;
+ const struct ipt_hashlimit_info *r = matchinfo;
fputs("--hashlimit ", stdout); print_rate(r->cfg.avg);
if (r->cfg.burst != IPT_HASHLIMIT_BURST)
@@ -349,10 +343,11 @@
printf("--hashlimit-htable-expire %u ", r->cfg.expire);
}
-static struct iptables_match hashlimit = { NULL,
+static struct xtables_match hashlimit = {
.name = "hashlimit",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_hashlimit_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_hashlimit_info)),
.userspacesize = offsetof(struct ipt_hashlimit_info, hinfo),
.help = &help,
.init = &init,
Modified: branches/iptables/iptables-1.4/extensions/libipt_helper.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_helper.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_helper.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -29,10 +29,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_helper_info *info = (struct ipt_helper_info *)(*match)->data;
+ struct ipt_helper_info *info = matchinfo;
switch (c) {
case '1':
@@ -64,29 +63,28 @@
/* Prints out the info. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_helper_info *info = (struct ipt_helper_info *)match->data;
+ const struct ipt_helper_info *info = matchinfo;
printf("helper match %s\"%s\" ", info->invert ? "! " : "", info->name);
}
/* Saves the union ipt_info in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_helper_info *info = (struct ipt_helper_info *)match->data;
+ const struct ipt_helper_info *info = matchinfo;
printf("%s--helper \"%s\" ",info->invert ? "! " : "", info->name);
}
-static struct iptables_match helper = {
+static struct xtables_match helper = {
.next = NULL,
.name = "helper",
+ .pf = PF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_helper_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_helper_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
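Review bot: The helper initializer sets `.size` but has no `.userspacesize` between `.size` and `.help`, unlike the other matches touched in this commit. With designated initializers it is therefore 0 unless it is assigned further down, outside the hunk. If the core uses userspacesize to bound how much match data is compared between rules, as the `offsetof(...)` values in libipt_hashlimit.c and libipt_limit.c suggest, a zero would leave the helper name out of that comparison. Consider adding `.userspacesize = XT_ALIGN(sizeof(struct ipt_helper_info)),` next to `.size`.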
Modified: branches/iptables/iptables-1.4/extensions/libipt_icmp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_icmp.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_icmp.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -169,9 +169,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_icmp *icmpinfo = (struct ipt_icmp *)m->data;
+ struct ipt_icmp *icmpinfo = matchinfo;
icmpinfo->type = 0xFF;
icmpinfo->code[1] = 0xFF;
@@ -182,10 +182,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_icmp *icmpinfo = (struct ipt_icmp *)(*match)->data;
+ struct ipt_icmp *icmpinfo = matchinfo;
switch (c) {
case '1':
@@ -242,11 +241,9 @@
/* Prints out the union ipt_matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
+ const struct ipt_icmp *icmp = matchinfo;
printf("icmp ");
print_icmptype(icmp->type, icmp->code[0], icmp->code[1],
@@ -259,9 +256,9 @@
}
/* Saves the match in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
+ const struct ipt_icmp *icmp = matchinfo;
if (icmp->invflags & IPT_ICMP_INV)
printf("! ");
@@ -282,12 +279,13 @@
{
}
-static struct iptables_match icmp = {
+static struct xtables_match icmp = {
.next = NULL,
.name = "icmp",
+ .pf = PF_INET,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_icmp)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_icmp)),
+ .size = XT_ALIGN(sizeof(struct ipt_icmp)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_icmp)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_iprange.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_iprange.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_iprange.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -57,10 +57,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data;
+ struct ipt_iprange_info *info = matchinfo;
switch (c) {
case '1':
@@ -123,11 +122,9 @@
/* Prints out the info. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_iprange_info *info = (struct ipt_iprange_info *)match->data;
+ struct ipt_iprange_info *info = matchinfo;
if (info->flags & IPRANGE_SRC) {
printf("source IP range ");
@@ -145,9 +142,9 @@
/* Saves the union ipt_info in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_iprange_info *info = (struct ipt_iprange_info *)match->data;
+ struct ipt_iprange_info *info = matchinfo;
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
@@ -165,12 +162,13 @@
}
}
-static struct iptables_match iprange = {
+static struct xtables_match iprange = {
.next = NULL,
.name = "iprange",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_iprange_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_iprange_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_iprange_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_iprange_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_ipv4options.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ipv4options.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ipv4options.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -40,10 +40,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_ipv4options_info *info = (struct ipt_ipv4options_info *)(*match)->data;
+ struct ipt_ipv4options_info *info = matchinfo;
switch (c)
{
@@ -226,11 +225,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_ipv4options_info *info = ((struct ipt_ipv4options_info *)match->data);
+ const struct ipt_ipv4options_info *info = matchinfo;
printf(" IPV4OPTS");
if (info->options & IPT_IPV4OPTION_MATCH_SSRR)
@@ -261,9 +258,9 @@
/* Saves the data in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_ipv4options_info *info = ((struct ipt_ipv4options_info *)match->data);
+ const struct ipt_ipv4options_info *info = matchinfo;
if (info->options & IPT_IPV4OPTION_MATCH_SSRR)
printf(" --ssrr");
@@ -291,12 +288,12 @@
printf(" ");
}
-static struct iptables_match ipv4options_struct = {
- .next = NULL,
+static struct xtables_match ipv4options_struct = {
.name = "ipv4options",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ipv4options_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ipv4options_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_length.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_length.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_length.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -67,10 +67,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_length_info *info = (struct ipt_length_info *)(*match)->data;
+ struct ipt_length_info *info = matchinfo;
switch (c) {
case '1':
@@ -115,28 +114,30 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
+ const struct ipt_length_info *info = matchinfo;
+
printf("length ");
- print_length((struct ipt_length_info *)match->data);
+ print_length(info);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
+ const struct ipt_length_info *info = matchinfo;
+
printf("--length ");
- print_length((struct ipt_length_info *)match->data);
+ print_length(info);
}
-static struct iptables_match length = {
- .next = NULL,
+static struct xtables_match length = {
.name = "length",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_length_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_length_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_length_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_length_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_limit.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_limit.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_limit.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -74,9 +74,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_rateinfo *r = (struct ipt_rateinfo *)m->data;
+ struct ipt_rateinfo *r = matchinfo;
parse_rate(IPT_LIMIT_AVG, &r->avg);
r->burst = IPT_LIMIT_BURST;
@@ -94,10 +94,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_rateinfo *r = (struct ipt_rateinfo *)(*match)->data;
+ struct ipt_rateinfo *r = matchinfo;
unsigned int num;
switch(c) {
@@ -156,30 +155,28 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_rateinfo *r = (struct ipt_rateinfo *)match->data;
+ struct ipt_rateinfo *r = matchinfo;
printf("limit: avg "); print_rate(r->avg);
printf("burst %u ", r->burst);
}
/* FIXME: Make minimalist: only print rate if not default --RR */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_rateinfo *r = (struct ipt_rateinfo *)match->data;
+ struct ipt_rateinfo *r = matchinfo;
printf("--limit "); print_rate(r->avg);
if (r->burst != IPT_LIMIT_BURST)
printf("--limit-burst %u ", r->burst);
}
-static struct iptables_match limit = {
- .next = NULL,
+static struct xtables_match limit = {
.name = "limit",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_rateinfo)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_rateinfo)),
.userspacesize = offsetof(struct ipt_rateinfo, prev),
.help = &help,
.init = &init,
Modified: branches/iptables/iptables-1.4/extensions/libipt_mac.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_mac.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_mac.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -57,10 +57,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_mac_info *macinfo = (struct ipt_mac_info *)(*match)->data;
+ struct ipt_mac_info *macinfo = matchinfo;
switch (c) {
case '1':
@@ -98,34 +97,36 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
+ const struct ipt_mac_info *info = matchinfo;
+
printf("MAC ");
- if (((struct ipt_mac_info *)match->data)->invert)
+ if (info->invert)
printf("! ");
- print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
+ print_mac(info->srcaddr);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- if (((struct ipt_mac_info *)match->data)->invert)
+ const struct ipt_mac_info *info = matchinfo;
+
+ if (info->invert)
printf("! ");
printf("--mac-source ");
- print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
+ print_mac(info->srcaddr);
}
-static struct iptables_match mac = {
- .next = NULL,
+static struct xtables_match mac = {
.name = "mac",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_mac_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_mac_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_mac_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_mac_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_mark.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_mark.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_mark.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -30,10 +30,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_mark_info *markinfo = (struct ipt_mark_info *)(*match)->data;
+ struct ipt_mark_info *markinfo = matchinfo;
switch (c) {
char *end;
@@ -96,11 +95,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_mark_info *info = (struct ipt_mark_info *)match->data;
+ struct ipt_mark_info *info = matchinfo;
printf("MARK match ");
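Review bot: In `print`, the new local `struct ipt_mark_info *info = matchinfo;` drops the `const` carried by the parameter `const void *matchinfo`. The compiler will warn about a discarded qualifier, and nothing then stops the print path from writing into the rule data. Declare it as `const struct ipt_mark_info *info = matchinfo;`, as the other converted extensions do. The `save` hunk just below has the same line and needs the same change; both function bodies continue outside their hunks.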
@@ -112,9 +109,9 @@
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_mark_info *info = (struct ipt_mark_info *)match->data;
+ struct ipt_mark_info *info = matchinfo;
if (info->invert)
printf("! ");
@@ -123,12 +120,12 @@
print_mark(info->mark, info->mask, 0);
}
-static struct iptables_match mark = {
- .next = NULL,
+static struct xtables_match mark = {
.name = "mark",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_mark_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_mark_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_mark_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_mark_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_mport.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_mport.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_mport.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -127,12 +127,10 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
const char *proto;
- struct ipt_mport *minfo
- = (struct ipt_mport *)(*match)->data;
+ struct ipt_mport *minfo = matchinfo;
switch (c) {
case '1':
@@ -204,12 +202,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_mport *minfo
- = (const struct ipt_mport *)match->data;
+ const struct ipt_mport *minfo = matchinfo;
unsigned int i;
u_int16_t pflags = minfo->pflags;
@@ -251,10 +246,9 @@
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_mport *minfo
- = (const struct ipt_mport *)match->data;
+ const struct ipt_mport *minfo = matchinfo;
unsigned int i;
u_int16_t pflags = minfo->pflags;
@@ -290,11 +284,11 @@
}
static struct iptables_match mport = {
- .next = NULL,
.name = "mport",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_mport)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_mport)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_mport)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_mport)),
.help = &help,
.init = &init,
.parse = &parse,
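Review bot: The declaration `static struct iptables_match mport = {` is left as a context line while its initializer drops `.next`, gains `.pf = PF_INET` and switches to `XT_ALIGN`. Every other match converted in this commit becomes `struct xtables_match`. If `struct iptables_match` has no `pf` member this will not compile, and if it does, the extension is still declared with the old type. The line should read `static struct xtables_match mport = {`. The initializer continues past the end of the hunk.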
Modified: branches/iptables/iptables-1.4/extensions/libipt_multiport.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_multiport.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_multiport.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -137,7 +137,7 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
}
@@ -165,12 +165,10 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
const char *proto;
- struct ipt_multiport *multiinfo
- = (struct ipt_multiport *)(*match)->data;
+ struct ipt_multiport *multiinfo = matchinfo;
switch (c) {
case '1':
@@ -397,11 +395,9 @@
printf(" ");
}
-static void save_v1(const struct ipt_ip *ip,
- const struct ipt_entry_match *match)
+static void save_v1(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_multiport_v1 *multiinfo
- = (const struct ipt_multiport_v1 *)match->data;
+ const struct ipt_multiport_v1 *multiinfo = matchinfo;
unsigned int i;
switch (multiinfo->flags) {
@@ -432,13 +428,13 @@
printf(" ");
}
-static struct iptables_match multiport = {
- .next = NULL,
+static struct xtables_match multiport = {
.name = "multiport",
- .revision = 0,
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_multiport)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_multiport)),
+ .pf = PF_INET,
+ .revision = 0,
+ .size = XT_ALIGN(sizeof(struct ipt_multiport)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_multiport)),
.help = &help,
.init = &init,
.parse = &parse,
@@ -448,13 +444,13 @@
.extra_opts = opts
};
-static struct iptables_match multiport_v1 = {
- .next = NULL,
+static struct xtables_match multiport_v1 = {
.name = "multiport",
.version = IPTABLES_VERSION,
+ .pf = PF_INET,
.revision = 1,
- .size = IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
+ .size = XT_ALIGN(sizeof(struct ipt_multiport_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_multiport_v1)),
.help = &help_v1,
.init = &init,
.parse = &parse_v1,
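Review bot: `multiport_v1` becomes a `struct xtables_match` and still points `.parse` at `parse_v1`, but no hunk in this file converts `parse_v1`, `print`, `print_v1` or `save` to the `void *matchinfo` signature; only `init`, `parse` and `save_v1` are changed. Their definitions are outside the hunks, but if they still take `struct ipt_entry_match` pointers, the caller's matchinfo pointer would be read as an entry header and `->data` would land past the intended structure. They should be converted the same way, for example `const struct ipt_multiport_v1 *multiinfo = matchinfo;`. libipt_state.c looks to be in the same position, since only its struct initializers are touched.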
Modified: branches/iptables/iptables-1.4/extensions/libipt_nth.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_nth.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_nth.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -61,10 +61,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_nth_info *nthinfo = (struct ipt_nth_info *)(*match)->data;
+ struct ipt_nth_info *nthinfo = matchinfo;
unsigned int num;
switch (c) {
@@ -175,12 +174,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_nth_info *nthinfo
- = (const struct ipt_nth_info *)match->data;
+ const struct ipt_nth_info *nthinfo = matchinfo;
if (nthinfo->not == 1)
printf(" !");
@@ -195,10 +191,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_nth_info *nthinfo
- = (const struct ipt_nth_info *)match->data;
+ const struct ipt_nth_info *nthinfo = matchinfo;
if (nthinfo->not == 1)
printf("! ");
@@ -210,12 +205,12 @@
printf("--packet %u ", nthinfo->packet );
}
-static struct iptables_match nth = {
- .next = NULL,
+static struct xtables_match nth = {
.name = "nth",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_nth_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_nth_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_nth_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_nth_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_osf.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_osf.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_osf.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -67,10 +67,9 @@
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_osf_info *info = (struct ipt_osf_info *)(*match)->data;
+ struct ipt_osf_info *info = matchinfo;
switch(c)
{
@@ -122,26 +121,26 @@
exit_error(PARAMETER_PROBLEM, "OS fingerprint match: You must specify `--genre'");
}
-static void print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_osf_info *info = (const struct ipt_osf_info*) match->data;
+ const struct ipt_osf_info *info = matchinfo;
printf("OS fingerprint match %s%s ", (info->invert) ? "!" : "", info->genre);
}
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_osf_info *info = (const struct ipt_osf_info*) match->data;
+ const struct ipt_osf_info *info = matchinfo;
printf("--genre %s%s ", (info->invert) ? "! ": "", info->genre);
}
-static struct iptables_match osf_match = {
+static struct xtables_match osf_match = {
.name = "osf",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_osf_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_osf_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_osf_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_osf_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
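Review bot: `osf_match` is converted to `struct xtables_match` without a `.pf` member, unlike the other matches in this commit, which all add `.pf = PF_INET`. With a designated initializer the field is then zero, which is presumably not what the registration code expects for an IPv4 extension (the lookup is not visible here). Add `.pf = PF_INET,` after `.version`. `rpcstruct` in libipt_rpc.c is missing the same line.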
Modified: branches/iptables/iptables-1.4/extensions/libipt_owner.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_owner.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_owner.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -54,10 +54,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_owner_info *ownerinfo = (struct ipt_owner_info *)(*match)->data;
+ struct ipt_owner_info *ownerinfo = matchinfo;
switch (c) {
char *end;
@@ -200,11 +199,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, void *matchinfo, int numeric)
{
- struct ipt_owner_info *info = (struct ipt_owner_info *)match->data;
+ const struct ipt_owner_info *info = matchinfo;
print_item(info, IPT_OWNER_UID, numeric, "OWNER UID match ");
print_item(info, IPT_OWNER_GID, numeric, "OWNER GID match ");
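Review bot: `print` takes `void *matchinfo` here, while the other converted `print` callbacks take `const void *matchinfo`, and the local is already `const struct ipt_owner_info *`. If the `print` member of `struct xtables_match` is declared with `const void *`, as the other extensions suggest, `.print = &print` becomes an incompatible pointer assignment. Use `print(const struct ipt_ip *ip, const void *matchinfo, int numeric)`. The same missing `const` appears in `print` in libipt_pool.c and in `save` in libipt_psd.c.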
@@ -217,9 +214,9 @@
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_owner_info *info = (struct ipt_owner_info *)match->data;
+ const struct ipt_owner_info *info = matchinfo;
print_item(info, IPT_OWNER_UID, 0, "--uid-owner ");
print_item(info, IPT_OWNER_GID, 0, "--gid-owner ");
@@ -230,12 +227,12 @@
#endif
}
-static struct iptables_match owner = {
- .next = NULL,
+static struct xtables_match owner = {
.name = "owner",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_owner_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_owner_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_owner_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_owner_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_physdev.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_physdev.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_physdev.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -35,18 +35,16 @@
};
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
}
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_physdev_info *info =
- (struct ipt_physdev_info*)(*match)->data;
+ struct ipt_physdev_info *info = matchinfo;
switch (c) {
case '1':
@@ -121,12 +119,9 @@
}
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_physdev_info *info =
- (struct ipt_physdev_info*)match->data;
+ const struct ipt_physdev_info *info = matchinfo;
printf("PHYSDEV match");
if (info->bitmask & IPT_PHYSDEV_OP_ISIN)
@@ -148,10 +143,9 @@
printf(" ");
}
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_physdev_info *info =
- (struct ipt_physdev_info*)match->data;
+ const struct ipt_physdev_info *info = matchinfo;
if (info->bitmask & IPT_PHYSDEV_OP_ISIN)
printf("%s --physdev-is-in",
@@ -172,12 +166,12 @@
printf(" ");
}
-static struct iptables_match physdev = {
- .next = NULL,
+static struct xtables_match physdev = {
.name = "physdev",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_physdev_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_physdev_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_physdev_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_physdev_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_pkttype.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_pkttype.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_pkttype.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -87,10 +87,9 @@
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_pkttype_info *info = (struct ipt_pkttype_info *)(*match)->data;
+ struct ipt_pkttype_info *info = matchinfo;
switch(c)
{
@@ -131,28 +130,28 @@
printf("%d ", info->pkttype); /* in case we didn't find an entry in named-packtes */
}
-static void print(const struct ipt_ip *ip, const struct ipt_entry_match *match, int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_pkttype_info *info = (struct ipt_pkttype_info *)match->data;
+ const struct ipt_pkttype_info *info = matchinfo;
printf("PKTTYPE %s= ", info->invert?"!":"");
print_pkttype(info);
}
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_pkttype_info *info = (struct ipt_pkttype_info *)match->data;
+ const struct ipt_pkttype_info *info = matchinfo;
printf("--pkt-type %s", info->invert?"! ":"");
print_pkttype(info);
}
-static struct iptables_match pkttype = {
- .next = NULL,
+static struct xtables_match pkttype = {
.name = "pkttype",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_pkttype_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_pkttype_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_policy.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_policy.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_policy.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -127,8 +127,7 @@
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
struct ipt_policy_info *info = (void *)(*match)->data;
struct ipt_policy_elem *e = &info->pol[info->len];
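Review bot: The parameter `struct ipt_entry_match **match` is replaced by `void *matchinfo`, but the first body line is left as `struct ipt_policy_info *info = (void *)(*match)->data;`. That line refers to a name that no longer exists and will not compile. It should become `struct ipt_policy_info *info = matchinfo;`. The following line takes `&info->pol[info->len]`; whether `len` is bounded before the element is written is decided in the rest of `parse`, which lies outside this hunk and is worth confirming.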
@@ -386,11 +385,9 @@
printf("%sstrict ", prefix);
}
-static void print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_policy_info *info = (void *)match->data;
+ const struct ipt_policy_info *info = matchinfo;
unsigned int i;
printf("policy match ");
@@ -402,9 +399,9 @@
}
}
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_policy_info *info = (void *)match->data;
+ const struct ipt_policy_info *info = matchinfo;
unsigned int i;
print_flags("--", info);
@@ -415,11 +412,12 @@
}
}
-struct iptables_match policy = {
+struct xtables_match policy = {
.name = "policy",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_policy_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_policy_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_policy_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_policy_info)),
.help = help,
.init = init,
.parse = parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_pool.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_pool.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_pool.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -35,10 +35,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *match, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_pool_info *info =
- (struct ipt_pool_info *)match->data;
+ struct ipt_pool_info *info = matchinfo;
info->src = IP_POOL_NONE;
info->dst = IP_POOL_NONE;
@@ -49,11 +48,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_pool_info *info =
- (struct ipt_pool_info *)(*match)->data;
+ struct ipt_pool_info *info = matchinfo;
switch (c) {
case '1':
@@ -85,13 +82,10 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, void *matchinfo, int numeric)
{
char buf[256];
- struct ipt_pool_info *info =
- (struct ipt_pool_info *)match->data;
+ const struct ipt_pool_info *info = matchinfo;
if (info->src != IP_POOL_NONE)
printf("%ssrcpool %s ",
@@ -104,11 +98,10 @@
}
/* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
char buf[256];
- struct ipt_pool_info *info =
- (struct ipt_pool_info *)match->data;
+ const struct ipt_pool_info *info = matchinfo;
if (info->src != IP_POOL_NONE)
printf("%s--srcpool %s ",
@@ -120,12 +113,12 @@
ip_pool_get_name(buf, sizeof(buf), info->dst, 0));
}
-static struct iptables_match pool = {
- .next = NULL,
+static struct xtables_match pool = {
.name = "pool",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_pool_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_pool_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_pool_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_pool_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_psd.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_psd.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_psd.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -48,9 +48,9 @@
/* Initialize the target. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo *matchinfo, unsigned int *nfcache)
{
- struct ipt_psd_info *psdinfo = (struct ipt_psd_info *)m->data;
+ struct ipt_psd_info *psdinfo = matchinfo;
psdinfo->weight_threshold = SCAN_WEIGHT_THRESHOLD;
psdinfo->delay_threshold = SCAN_DELAY_THRESHOLD;
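Review bot: The new signature `init(void *matchinfo *matchinfo, unsigned int *nfcache)` repeats the parameter name and is a syntax error, so this file cannot build as committed. It should be `init(void *matchinfo, unsigned int *nfcache)`. The body of `init` continues outside the hunk.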
@@ -76,10 +76,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_psd_info *psdinfo = (struct ipt_psd_info *)(*match)->data;
+ struct ipt_psd_info *psdinfo = matchinfo;
unsigned int num;
switch (c) {
@@ -146,12 +145,9 @@
/* Prints out the targinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_psd_info *psdinfo
- = (const struct ipt_psd_info *)match->data;
+ const struct ipt_psd_info *psdinfo = matchinfo;
printf("psd ");
printf("weight-threshold: %u ", psdinfo->weight_threshold);
@@ -162,10 +158,9 @@
/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, void *matchinfo)
{
- const struct ipt_psd_info *psdinfo
- = (const struct ipt_psd_info *)match->data;
+ const struct ipt_psd_info *psdinfo = matchinfo;
printf("--psd-weight-threshold %u ", psdinfo->weight_threshold);
printf("--psd-delay-threshold %u ", psdinfo->delay_threshold);
@@ -173,12 +168,12 @@
printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight);
}
-static struct iptables_match psd = {
- .next = NULL,
+static struct xtables_match psd = {
.name = "psd",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_psd_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_psd_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_psd_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_psd_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_realm.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_realm.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_realm.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -33,10 +33,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_realm_info *realminfo = (struct ipt_realm_info *)(*match)->data;
+ struct ipt_realm_info *realminfo = matchinfo;
switch (c) {
char *end;
@@ -72,11 +71,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_realm_info *ri = (struct ipt_realm_info *) match->data;
+ const struct ipt_realm_info *ri = matchinfo;
if (ri->invert)
printf("! ");
@@ -88,9 +85,9 @@
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_realm_info *ri = (struct ipt_realm_info *) match->data;
+ const struct ipt_realm_info *ri = matchinfo;
if (ri->invert)
printf("! ");
@@ -108,11 +105,12 @@
"REALM match: You must specify `--realm'");
}
-static struct iptables_match realm = { NULL,
+static struct xtables_match realm = {
.name = "realm",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_realm_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_realm_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_realm_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_realm_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_rpc.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_rpc.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_rpc.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -175,12 +175,10 @@
};
-static void init(struct ipt_entry_match *match, unsigned int *nfcache)
+static void init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_rpc_info *rpcinfo = ((struct ipt_rpc_info *)match->data);
+ struct ipt_rpc_info *rpcinfo = matchinfo;
-
-
/* initialise those funky user vars */
rpcinfo->i_procs = -1;
rpcinfo->strict = 0;
@@ -188,7 +186,7 @@
}
-static void parse_rpcs_string(char *string, struct ipt_entry_match **match)
+static void parse_rpcs_string(char *string, struct ipt_rpc_info *rpcinfo)
{
char err1[64] = "%s invalid --rpcs option-set: `%s' (at character %i)";
char err2[64] = "%s unable to resolve rpc name entry: `%s'";
@@ -200,7 +198,6 @@
char *src, *dst;
char *c_procs;
struct rpcent *rpcent_ptr;
- struct ipt_rpc_info *rpcinfo = (struct ipt_rpc_info *)(*match)->data;
memset(buf, 0, sizeof(buf));
@@ -260,10 +257,9 @@
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_rpc_info *rpcinfo = (struct ipt_rpc_info *)(*match)->data;
+ struct ipt_rpc_info *rpcinfo = matchinfo;
switch (c)
@@ -275,7 +271,7 @@
if (*flags & IPT_RPC_RPCS)
exit_error(PARAMETER_PROBLEM,
"%s repeated use of --rpcs\n", preerr);
- parse_rpcs_string(optarg, match);
+ parse_rpcs_string(optarg, rpcinfo);
*flags |= IPT_RPC_RPCS;
break;
@@ -309,13 +305,10 @@
}
-static void print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_rpc_info *rpcinfo = ((struct ipt_rpc_info *)match->data);
+ const struct ipt_rpc_info *rpcinfo = matchinfo;
-
printf("RPCs");
if(rpcinfo->strict == 1)
printf("[strict]");
@@ -333,11 +326,10 @@
}
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_rpc_info *rpcinfo = ((struct ipt_rpc_info *)match->data);
+ const struct ipt_rpc_info *rpcinfo = matchinfo;
-
if(rpcinfo->i_procs > -1) {
printf("--rpcs ");
print_rpcs((char *)&rpcinfo->c_procs, rpcinfo->i_procs, IPT_RPC_INT_NUM);
@@ -350,12 +342,11 @@
}
-static struct iptables_match rpcstruct = {
- .next = NULL,
+static struct xtables_match rpcstruct = {
.name = "rpc",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_rpc_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_rpc_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_rpc_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_rpc_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_sctp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_sctp.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_sctp.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -30,11 +30,10 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m,
- unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
int i;
- struct ipt_sctp_info *einfo = (struct ipt_sctp_info *)m->data;
+ struct ipt_sctp_info *einfo = matchinfo;
memset(einfo, 0, sizeof(struct ipt_sctp_info));
@@ -276,11 +275,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_sctp_info *einfo
- = (struct ipt_sctp_info *)(*match)->data;
+ struct ipt_sctp_info *einfo = matchinfo;
switch (c) {
case '1':
@@ -468,12 +465,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_sctp_info *einfo =
- (const struct ipt_sctp_info *)match->data;
+ const struct ipt_sctp_info *einfo = matchinfo;
printf("sctp ");
@@ -502,11 +496,9 @@
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip,
- const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_sctp_info *einfo =
- (const struct ipt_sctp_info *)match->data;
+ const struct ipt_sctp_info *einfo = matchinfo;
if (einfo->flags & IPT_SCTP_SRC_PORTS) {
if (einfo->invflags & IPT_SCTP_SRC_PORTS)
@@ -538,12 +530,12 @@
}
}
-static
-struct iptables_match sctp
-= { .name = "sctp",
+static struct xtables_match sctp = {
+ .name = "sctp",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_sctp_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_sctp_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_sctp_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_sctp_info)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_standard.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_standard.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_standard.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -22,7 +22,7 @@
/* Initialize the target. */
static void
-init(struct ipt_entry_target *t, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
}
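Review bot: This is a target extension, yet the new `init` parameter is named `matchinfo`, and the same name is used in the `parse` and `save` hunks below, whose comments speak of the target and targinfo. Naming it `targinfo`, for example `init(void *targinfo, unsigned int *nfcache)`, keeps the callbacks readable next to `struct xtables_target standard`. This is a naming point only and changes no behaviour.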
@@ -30,8 +30,7 @@
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target)
+ const struct ipt_entry *entry, void *matchinfo)
{
return 0;
}
@@ -43,17 +42,17 @@
/* Saves the targinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
}
static
-struct iptables_target standard = {
- .next = NULL,
+struct xtables_target standard = {
.name = "standard",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(int)),
- .userspacesize = IPT_ALIGN(sizeof(int)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(int)),
+ .userspacesize = XT_ALIGN(sizeof(int)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_state.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_state.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_state.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -143,12 +143,12 @@
print_state(sinfo->statemask);
}
-static struct iptables_match state = {
- .next = NULL,
+static struct xtables_match state = {
+ .pf = PF_INET,
.name = "state",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_state_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_state_info)),
+ .size = XT_ALIGN(sizeof(struct ipt_state_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_state_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
@@ -157,7 +157,22 @@
.extra_opts = opts
};
+static struct xtables_match state6 = {
+ .pf = PF_INET6,
+ .name = "state",
+ .version = IPTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct ipt_state_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_state_info)),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
void _init(void)
{
register_match(&state);
+ register_match(&state6);
}
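Review bot: `state6` repeats every field of `state` and differs only in `.pf = PF_INET6`, with nothing explaining why an IPv6 registration reuses `struct ipt_state_info` and the IPv4 callbacks. A one-line comment above it would help, for example `/* IPv6 registration: same matchinfo layout and callbacks as the IPv4 entry, only .pf differs */`. It is also worth confirming that `help`, `parse`, `print` and `save`, which this diff does not touch, contain nothing IPv4-specific.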
Modified: branches/iptables/iptables-1.4/extensions/libipt_tcp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_tcp.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_tcp.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -155,9 +155,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_tcp *tcpinfo = (struct ipt_tcp *)m->data;
+ struct ipt_tcp *tcpinfo = matchinfo;
tcpinfo->spts[1] = tcpinfo->dpts[1] = 0xFFFF;
}
@@ -172,10 +172,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_tcp *tcpinfo = (struct ipt_tcp *)(*match)->data;
+ struct ipt_tcp *tcpinfo = matchinfo;
switch (c) {
case '1':
@@ -341,10 +340,9 @@
/* Prints out the union ipt_matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_tcp *tcp = (struct ipt_tcp *)match->data;
+ const struct ipt_tcp *tcp = matchinfo;
printf("tcp ");
print_ports("spt", tcp->spts[0], tcp->spts[1],
@@ -365,9 +363,9 @@
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_tcp *tcpinfo = (struct ipt_tcp *)match->data;
+ const struct ipt_tcp *tcpinfo = matchinfo;
if (tcpinfo->spts[0] != 0
|| tcpinfo->spts[1] != 0xFFFF) {
@@ -418,12 +416,12 @@
}
}
-static struct iptables_match tcp = {
- .next = NULL,
+static struct xtables_match tcp = {
.name = "tcp",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_tcp)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_tcp)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_tcp)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_tcp)),
.help = &help,
.init = &init,
.parse = &parse,
Modified: branches/iptables/iptables-1.4/extensions/libipt_tcpmss.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_tcpmss.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_tcpmss.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -61,11 +61,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_tcpmss_match_info *mssinfo =
- (struct ipt_tcpmss_match_info *)(*match)->data;
+ struct ipt_tcpmss_match_info *mssinfo = matchinfo;
switch (c) {
case '1':
@@ -108,12 +106,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_tcpmss_match_info *mssinfo =
- (const struct ipt_tcpmss_match_info *)match->data;
+ const struct ipt_tcpmss_match_info *mssinfo = matchinfo;
printf("tcpmss match ");
print_tcpmss(mssinfo->mss_min, mssinfo->mss_max,
@@ -122,22 +117,21 @@
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_tcpmss_match_info *mssinfo =
- (const struct ipt_tcpmss_match_info *)match->data;
+ const struct ipt_tcpmss_match_info *mssinfo = matchinfo;
printf("--mss ");
print_tcpmss(mssinfo->mss_min, mssinfo->mss_max,
mssinfo->invert, 0);
}
-static struct iptables_match tcpmss = {
- .next = NULL,
+static struct xtables_match tcpmss = {
.name = "tcpmss",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_time.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_time.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_time.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -467,11 +467,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- struct ipt_time_info *time = ((struct ipt_time_info *)match->data);
+ struct ipt_time_info *time = matchinfo;
int hour_start, hour_stop, minute_start, minute_stop;
divide_time(time->time_start, &hour_start, &minute_start);
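Review bot: In print(), `struct ipt_time_info *time = matchinfo;` initialises a non-const pointer from the new `const void *matchinfo` parameter and so discards the qualifier; the old code hid this behind an explicit cast. save() in the next hunk already declares the local `const`, and print() should match it: `const struct ipt_time_info *time = matchinfo;`. The rest of print() lies outside the hunk, so check that nothing there writes through `time`.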
@@ -500,9 +498,9 @@
/* Saves the data in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- struct ipt_time_info *time = ((struct ipt_time_info *)match->data);
+ const struct ipt_time_info *time = matchinfo;
int hour_start, hour_stop, minute_start, minute_stop;
divide_time(time->time_start, &hour_start, &minute_start);
@@ -528,11 +526,11 @@
/* have to use offsetof() instead of IPT_ALIGN(), since kerneltime must not
* be compared when user deletes rule with '-D' */
static
-struct iptables_match timestruct = {
- .next = NULL,
+struct xtables_match timestruct = {
.name = "time",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_time_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_time_info)),
.userspacesize = offsetof(struct ipt_time_info, kerneltime),
.help = &help,
.init = &init,
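Review bot: The comment above `timestruct` still refers to `IPT_ALIGN()` although the initializer now uses `XT_ALIGN`. The comment explains why `.userspacesize` deliberately stops at `kerneltime`, which affects how rules are compared on `-D`, so it should keep tracking the code: `/* have to use offsetof() instead of XT_ALIGN(), since kerneltime must not be compared when user deletes rule with '-D' */`. The initializer continues past the end of the hunk.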
Modified: branches/iptables/iptables-1.4/extensions/libipt_tos.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_tos.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_tos.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -77,10 +77,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_tos_info *tosinfo = (struct ipt_tos_info *)(*match)->data;
+ struct ipt_tos_info *tosinfo = matchinfo;
switch (c) {
case '1':
@@ -128,11 +127,9 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_tos_info *info = (const struct ipt_tos_info *)match->data;
+ const struct ipt_tos_info *info = matchinfo;
printf("TOS match ");
if (info->invert)
@@ -142,9 +139,9 @@
/* Saves the union ipt_matchinfo in parsable form to stdout. */
static void
-save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_tos_info *info = (const struct ipt_tos_info *)match->data;
+ const struct ipt_tos_info *info = matchinfo;
if (info->invert)
printf("! ");
@@ -152,12 +149,12 @@
print_tos(info->tos, 0);
}
-static struct iptables_match tos = {
- .next = NULL,
+static struct xtables_match tos = {
.name = "tos",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_tos_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_tos_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_tos_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_tos_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_ttl.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_ttl.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_ttl.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -26,9 +26,9 @@
static int parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry, unsigned int *nfcache,
- struct ipt_entry_match **match)
+ void *matchinfo)
{
- struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
+ struct ipt_ttl_info *info = matchinfo;
unsigned int value;
check_inverse(optarg, &invert, &optind, 0);
@@ -92,12 +92,9 @@
"`--ttl-eq', `--ttl-lt', `--ttl-gt");
}
-static void print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+static void print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_ttl_info *info =
- (struct ipt_ttl_info *) match->data;
+ const struct ipt_ttl_info *info = matchinfo;
printf("TTL match ");
switch (info->mode) {
@@ -117,11 +114,9 @@
printf("%u ", info->ttl);
}
-static void save(const struct ipt_ip *ip,
- const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_ttl_info *info =
- (struct ipt_ttl_info *) match->data;
+ const struct ipt_ttl_info *info = matchinfo;
switch (info->mode) {
case IPT_TTL_EQ:
@@ -151,12 +146,12 @@
{ 0 }
};
-static struct iptables_match ttl = {
- .next = NULL,
+static struct xtables_match ttl = {
.name = "ttl",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_ttl_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_ttl_info)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_ttl_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ttl_info)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/extensions/libipt_u32.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_u32.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_u32.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -93,10 +93,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_u32 *data = (struct ipt_u32 *)(*match)->data;
+ struct ipt_u32 *data = matchinfo;
char *arg = argv[optind-1]; /* the argument string */
char *start = arg;
int state=0, testind=0, locind=0, valind=0;
@@ -228,27 +227,29 @@
/* Prints out the matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
+ const struct ipt_u32 *info = matchinfo;
+
printf("u32 ");
- print_u32((struct ipt_u32 *)match->data);
+ print_u32(info);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
+ const struct ipt_u32 *info = matchinfo;
+
printf("--u32 ");
- print_u32((struct ipt_u32 *)match->data);
+ print_u32(info);
}
-struct iptables_match u32 = {
- .next = NULL,
+static struct xtables_match u32 = {
.name = "u32",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_u32)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_u32)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_u32)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_u32)),
.help = &help,
.parse = &parse,
.final_check = &final_check,
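Review bot: `print_u32(info)` now receives a `const struct ipt_u32 *` in both print() and save(), where the old code passed a pointer cast to non-const `struct ipt_u32 *`. print_u32() is defined outside this hunk; if its parameter is still non-const, both calls discard the qualifier. In that case its parameter should become `const struct ipt_u32 *` in the same commit, rather than reintroducing a cast at the call sites.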
Modified: branches/iptables/iptables-1.4/extensions/libipt_udp.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_udp.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_udp.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -79,9 +79,9 @@
/* Initialize the match. */
static void
-init(struct ipt_entry_match *m, unsigned int *nfcache)
+init(void *matchinfo, unsigned int *nfcache)
{
- struct ipt_udp *udpinfo = (struct ipt_udp *)m->data;
+ struct ipt_udp *udpinfo = matchinfo;
udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF;
}
@@ -94,10 +94,9 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
- struct ipt_udp *udpinfo = (struct ipt_udp *)(*match)->data;
+ struct ipt_udp *udpinfo = matchinfo;
switch (c) {
case '1':
@@ -180,10 +179,9 @@
/* Prints out the union ipt_matchinfo. */
static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match, int numeric)
+print(const struct ipt_ip *ip, const void *matchinfo, int numeric)
{
- const struct ipt_udp *udp = (struct ipt_udp *)match->data;
+ const struct ipt_udp *udp = matchinfo;
printf("udp ");
print_ports("spt", udp->spts[0], udp->spts[1],
@@ -198,9 +196,9 @@
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+static void save(const struct ipt_ip *ip, const void *matchinfo)
{
- const struct ipt_udp *udpinfo = (struct ipt_udp *)match->data;
+ const struct ipt_udp *udpinfo = matchinfo;
if (udpinfo->spts[0] != 0
|| udpinfo->spts[1] != 0xFFFF) {
@@ -233,11 +231,11 @@
static
struct iptables_match udp = {
- .next = NULL,
.name = "udp",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_udp)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_udp)),
+ .pf = PF_INET,
+ .size = XT_ALIGN(sizeof(struct ipt_udp)),
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_udp)),
.help = &help,
.init = &init,
.parse = &parse,
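Review bot: `struct iptables_match udp` is left on the old tag, while every other extension touched by this commit was switched to `struct xtables_match`. It only builds because iptables.h now carries `#define iptables_match xtables_match`, and it will break as soon as that compatibility macro is dropped. Change the declaration to `struct xtables_match udp = {` so the file matches libipt_tcp.c and the rest. The initializer continues outside the hunk.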
Modified: branches/iptables/iptables-1.4/extensions/libipt_unclean.c
===================================================================
--- branches/iptables/iptables-1.4/extensions/libipt_unclean.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/extensions/libipt_unclean.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -22,8 +22,7 @@
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
+ unsigned int *nfcache, void *matchinfo)
{
return 0;
}
@@ -34,12 +33,12 @@
}
static
-struct iptables_match unclean = {
- .next = NULL,
+struct xtables_match unclean = {
.name = "unclean",
.version = IPTABLES_VERSION,
- .size = IPT_ALIGN(0),
- .userspacesize = IPT_ALIGN(0),
+ .pf = PF_INET,
+ .size = XT_ALIGN(0),
+ .userspacesize = XT_ALIGN(0),
.help = &help,
.parse = &parse,
.final_check = &final_check,
Modified: branches/iptables/iptables-1.4/include/ip6tables.h
===================================================================
--- branches/iptables/iptables-1.4/include/ip6tables.h 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/ip6tables.h 2006-01-23 17:24:41 UTC (rev 6431)
@@ -12,115 +12,15 @@
{
struct ip6tables_rule_match *next;
- struct ip6tables_match *match;
+ struct xtables_match *match;
};
-/* Include file for additions: new matches and targets. */
-struct ip6tables_match
-{
- struct ip6tables_match *next;
+#define ip6tables_match xtables_match
+#define ip6tables_target xtables_target
- ip6t_chainlabel name;
-
- const char *version;
-
- /* Size of match data. */
- size_t size;
-
- /* Size of match data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the match. */
- void (*init)(struct ip6t_entry_match *m, unsigned int *nfcache);
-
- /* Function which parses command options; returns true if it
- ate an option */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const struct ip6t_entry *entry,
- unsigned int *nfcache,
- struct ip6t_entry_match **match);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the match iff non-NULL: put space at end */
- void (*print)(const struct ip6t_ip6 *ip,
- const struct ip6t_entry_match *match, int numeric);
-
- /* Saves the union ipt_matchinfo in parsable form to stdout. */
- void (*save)(const struct ip6t_ip6 *ip,
- const struct ip6t_entry_match *match);
-
- /* Pointer to list of extra command-line options */
- const struct option *extra_opts;
-
- /* Ignore these men behind the curtain: */
- unsigned int option_offset;
- struct ip6t_entry_match *m;
- unsigned int mflags;
-#ifdef NO_SHARED_LIBS
- unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
-
-struct ip6tables_target
-{
- struct ip6tables_target *next;
-
- ip6t_chainlabel name;
-
- const char *version;
-
- /* Size of target data. */
- size_t size;
-
- /* Size of target data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the target. */
- void (*init)(struct ip6t_entry_target *t, unsigned int *nfcache);
-
- /* Function which parses command options; returns true if it
- ate an option */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const struct ip6t_entry *entry,
- struct ip6t_entry_target **target);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the target iff non-NULL: put space at end */
- void (*print)(const struct ip6t_ip6 *ip,
- const struct ip6t_entry_target *target, int numeric);
-
- /* Saves the targinfo in parsable form to stdout. */
- void (*save)(const struct ip6t_ip6 *ip,
- const struct ip6t_entry_target *target);
-
- /* Pointer to list of extra command-line options */
- struct option *extra_opts;
-
- /* Ignore these men behind the curtain: */
- unsigned int option_offset;
- struct ip6t_entry_target *t;
- unsigned int tflags;
- unsigned int used;
-#ifdef NO_SHARED_LIBS
- unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
-
-extern int line;
-
/* Your shared library should call one of these. */
-extern void register_match6(struct ip6tables_match *me);
-extern void register_target6(struct ip6tables_target *me);
+#define register_match6 register_match
+#define register_target6 register_target
extern int do_command6(int argc, char *argv[], char **table,
ip6tc_handle_t *handle);
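Review bot: Aliasing `ip6tables_match` to `xtables_match` changes the prototypes that IPv6 extensions are checked against. The removed struct declared `parse`, `print` and `save` with `const struct ip6t_entry *` and `const struct ip6t_ip6 *`, whereas `struct xtables_match` in xtables.h declares them with `const struct ipt_entry *` and `const struct ipt_ip *`. A PF_INET6 extension that dereferences those arguments would read an IPv6 rule header through the IPv4 layout, and the compiler can no longer flag the mismatch. Consider making the family-specific arguments untyped in the shared struct, e.g. `void (*save)(const void *ip, const void *matchinfo);`, and letting each extension convert to its own family's type, as is already done for `matchinfo`.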
@@ -128,16 +28,9 @@
extern struct ip6tables_match *ip6tables_matches;
extern struct ip6tables_target *ip6tables_targets;
-enum ip6t_tryload {
- DONT_LOAD,
- DURING_LOAD,
- TRY_LOAD,
- LOAD_MUST_SUCCEED
-};
+extern struct ip6tables_target *find_target(const char *name, enum xt_tryload);
+extern struct ip6tables_match *find_match(const char *name, enum xt_tryload, struct ip6tables_rule_match **match);
-extern struct ip6tables_target *find_target(const char *name, enum ip6t_tryload);
-extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload, struct ip6tables_rule_match **match);
-
extern void parse_interface(const char *arg, char *vianame, unsigned char *mask);
extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
Modified: branches/iptables/iptables-1.4/include/iptables.h
===================================================================
--- branches/iptables/iptables-1.4/include/iptables.h 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/iptables.h 2006-01-23 17:24:41 UTC (rev 6431)
@@ -12,138 +12,9 @@
#define IPPROTO_SCTP 132
#endif
-#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
-#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
-#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
+#define iptables_match xtables_match
+#define iptables_target xtables_target
-struct ipt_get_revision
-{
- char name[IPT_FUNCTION_MAXNAMELEN-1];
-
- u_int8_t revision;
-};
-#endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */
-
-struct iptables_rule_match
-{
- struct iptables_rule_match *next;
-
- struct iptables_match *match;
-};
-
-/* Include file for additions: new matches and targets. */
-struct iptables_match
-{
- struct iptables_match *next;
-
- ipt_chainlabel name;
-
- /* Revision of match (0 by default). */
- u_int8_t revision;
-
- const char *version;
-
- /* Size of match data. */
- size_t size;
-
- /* Size of match data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the match. */
- void (*init)(struct ipt_entry_match *m, unsigned int *nfcache);
-
- /* Function which parses command options; returns true if it
- ate an option */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the match iff non-NULL: put space at end */
- void (*print)(const struct ipt_ip *ip,
- const struct ipt_entry_match *match, int numeric);
-
- /* Saves the match info in parsable form to stdout. */
- void (*save)(const struct ipt_ip *ip,
- const struct ipt_entry_match *match);
-
- /* Pointer to list of extra command-line options */
- const struct option *extra_opts;
-
- /* Ignore these men behind the curtain: */
- unsigned int option_offset;
- struct ipt_entry_match *m;
- unsigned int mflags;
-#ifdef NO_SHARED_LIBS
- unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
-
-struct iptables_target
-{
- struct iptables_target *next;
-
- ipt_chainlabel name;
-
- /* Revision of target (0 by default). */
- u_int8_t revision;
-
- const char *version;
-
- /* Size of target data. */
- size_t size;
-
- /* Size of target data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the target. */
- void (*init)(struct ipt_entry_target *t, unsigned int *nfcache);
-
- /* Function which parses command options; returns true if it
- ate an option */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the target iff non-NULL: put space at end */
- void (*print)(const struct ipt_ip *ip,
- const struct ipt_entry_target *target, int numeric);
-
- /* Saves the targinfo in parsable form to stdout. */
- void (*save)(const struct ipt_ip *ip,
- const struct ipt_entry_target *target);
-
- /* Pointer to list of extra command-line options */
- struct option *extra_opts;
-
- /* Ignore these men behind the curtain: */
- unsigned int option_offset;
- struct ipt_entry_target *t;
- unsigned int tflags;
- unsigned int used;
-#ifdef NO_SHARED_LIBS
- unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
-
-extern int line;
-
-/* Your shared library should call one of these. */
-extern void register_match(struct iptables_match *me);
-extern void register_target(struct iptables_target *me);
-
extern struct in_addr *dotted_to_addr(const char *dotted);
extern char *addr_to_dotted(const struct in_addr *addrp);
extern char *addr_to_anyname(const struct in_addr *addr);
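Review bot: `struct iptables_rule_match` is removed here without a compatibility alias, although `iptables_match` and `iptables_target` each get a `#define`. Any file that still writes `struct iptables_rule_match *` will not fail at the declaration, because C treats it as a new incomplete type; the error only appears where the pointer is dereferenced or passed to a function expecting `struct xtables_rule_match *`. Either add `#define iptables_rule_match xtables_rule_match` next to the other two aliases, or confirm that every user was converted in this commit.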
@@ -160,16 +31,6 @@
extern struct iptables_match *iptables_matches;
extern struct iptables_target *iptables_targets;
-enum ipt_tryload {
- DONT_LOAD,
- DURING_LOAD,
- TRY_LOAD,
- LOAD_MUST_SUCCEED
-};
-
-extern struct iptables_target *find_target(const char *name, enum ipt_tryload);
-extern struct iptables_match *find_match(const char *name, enum ipt_tryload, struct iptables_rule_match **match);
-
extern int delete_chain(const ipt_chainlabel chain, int verbose,
iptc_handle_t *handle);
extern int flush_entries(const ipt_chainlabel chain, int verbose,
@@ -177,12 +38,4 @@
extern int for_each_chain(int (*fn)(const ipt_chainlabel, int, iptc_handle_t *),
int verbose, int builtinstoo, iptc_handle_t *handle);
-/* kernel revision handling */
-extern int kernel_version;
-extern void get_kernel_version(void);
-#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z)
-#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF)
-#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF)
-#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF)
-
#endif /*_IPTABLES_USER_H*/
Modified: branches/iptables/iptables-1.4/include/iptables_common.h
===================================================================
--- branches/iptables/iptables-1.4/include/iptables_common.h 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/iptables_common.h 2006-01-23 17:24:41 UTC (rev 6431)
@@ -2,6 +2,10 @@
#define _IPTABLES_COMMON_H
/* Shared definitions between ipv4 and ipv6. */
+#include "xtables.h"
+
+extern int line;
+
enum exittype {
OTHER_PROBLEM = 1,
PARAMETER_PROBLEM,
Modified: branches/iptables/iptables-1.4/include/libiptc/libip6tc.h
===================================================================
--- branches/iptables/iptables-1.4/include/libiptc/libip6tc.h 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/libiptc/libip6tc.h 2006-01-23 17:24:41 UTC (rev 6431)
@@ -4,19 +4,8 @@
#include <libiptc/ipt_kernel_headers.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <libiptc/libxtc.h>
-#ifndef IP6T_MIN_ALIGN
-#define IP6T_MIN_ALIGN (__alignof__(struct ip6t_entry))
-#endif
-#define IP6T_ALIGN(s) (((s) + (IP6T_MIN_ALIGN-1)) & ~(IP6T_MIN_ALIGN-1))
-
-typedef char ip6t_chainlabel[32];
-
-#define IP6TC_LABEL_ACCEPT "ACCEPT"
-#define IP6TC_LABEL_DROP "DROP"
-#define IP6TC_LABEL_QUEUE "QUEUE"
-#define IP6TC_LABEL_RETURN "RETURN"
-
/* Transparent handle type. */
typedef struct ip6tc_handle *ip6tc_handle_t;
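Review bot: This hunk deletes `typedef char ip6t_chainlabel[32];`, `IP6T_ALIGN` and the `IP6TC_LABEL_*` macros without leaving aliases, yet ip6tables.h in this same commit still declares `for_each_chain()` with `const ip6t_chainlabel`. libiptc.h gets `#define ipt_chainlabel xt_chainlabel` for exactly this reason; the IPv6 header needs the matching `#define ip6t_chainlabel xt_chainlabel`, unless it is defined somewhere not shown here. The same applies to `IPTC_LABEL_*` and `IPT_ALIGN`, which the libiptc.h hunk removes: existing callers need either aliases to the `XTC_LABEL_*` and `XT_ALIGN` names or a conversion in this commit.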
@@ -58,83 +47,83 @@
/* Rule numbers start at 1 for the first rule. */
/* Insert the entry `fw' in chain `chain' into position `rulenum'. */
-int ip6tc_insert_entry(const ip6t_chainlabel chain,
+int ip6tc_insert_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
unsigned int rulenum,
ip6tc_handle_t *handle);
/* Atomically replace rule `rulenum' in `chain' with `fw'. */
-int ip6tc_replace_entry(const ip6t_chainlabel chain,
+int ip6tc_replace_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
unsigned int rulenum,
ip6tc_handle_t *handle);
/* Append entry `fw' to chain `chain'. Equivalent to insert with
rulenum = length of chain. */
-int ip6tc_append_entry(const ip6t_chainlabel chain,
+int ip6tc_append_entry(const xt_chainlabel chain,
const struct ip6t_entry *e,
ip6tc_handle_t *handle);
/* Delete the first rule in `chain' which matches `fw'. */
-int ip6tc_delete_entry(const ip6t_chainlabel chain,
+int ip6tc_delete_entry(const xt_chainlabel chain,
const struct ip6t_entry *origfw,
unsigned char *matchmask,
ip6tc_handle_t *handle);
/* Delete the rule in position `rulenum' in `chain'. */
-int ip6tc_delete_num_entry(const ip6t_chainlabel chain,
+int ip6tc_delete_num_entry(const xt_chainlabel chain,
unsigned int rulenum,
ip6tc_handle_t *handle);
/* Check the packet `fw' on chain `chain'. Returns the verdict, or
NULL and sets errno. */
-const char *ip6tc_check_packet(const ip6t_chainlabel chain,
+const char *ip6tc_check_packet(const xt_chainlabel chain,
struct ip6t_entry *,
ip6tc_handle_t *handle);
/* Flushes the entries in the given chain (ie. empties chain). */
-int ip6tc_flush_entries(const ip6t_chainlabel chain,
+int ip6tc_flush_entries(const xt_chainlabel chain,
ip6tc_handle_t *handle);
/* Zeroes the counters in a chain. */
-int ip6tc_zero_entries(const ip6t_chainlabel chain,
+int ip6tc_zero_entries(const xt_chainlabel chain,
ip6tc_handle_t *handle);
/* Creates a new chain. */
-int ip6tc_create_chain(const ip6t_chainlabel chain,
+int ip6tc_create_chain(const xt_chainlabel chain,
ip6tc_handle_t *handle);
/* Deletes a chain. */
-int ip6tc_delete_chain(const ip6t_chainlabel chain,
+int ip6tc_delete_chain(const xt_chainlabel chain,
ip6tc_handle_t *handle);
/* Renames a chain. */
-int ip6tc_rename_chain(const ip6t_chainlabel oldname,
- const ip6t_chainlabel newname,
+int ip6tc_rename_chain(const xt_chainlabel oldname,
+ const xt_chainlabel newname,
ip6tc_handle_t *handle);
/* Sets the policy on a built-in chain. */
-int ip6tc_set_policy(const ip6t_chainlabel chain,
- const ip6t_chainlabel policy,
+int ip6tc_set_policy(const xt_chainlabel chain,
+ const xt_chainlabel policy,
struct ip6t_counters *counters,
ip6tc_handle_t *handle);
/* Get the number of references to this chain */
-int ip6tc_get_references(unsigned int *ref, const ip6t_chainlabel chain,
+int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
ip6tc_handle_t *handle);
/* read packet and byte counters for a specific rule */
-struct ip6t_counters *ip6tc_read_counter(const ip6t_chainlabel chain,
+struct ip6t_counters *ip6tc_read_counter(const xt_chainlabel chain,
unsigned int rulenum,
ip6tc_handle_t *handle);
/* zero packet and byte counters for a specific rule */
-int ip6tc_zero_counter(const ip6t_chainlabel chain,
+int ip6tc_zero_counter(const xt_chainlabel chain,
unsigned int rulenum,
ip6tc_handle_t *handle);
/* set packet and byte counters for a specific rule */
-int ip6tc_set_counter(const ip6t_chainlabel chain,
+int ip6tc_set_counter(const xt_chainlabel chain,
unsigned int rulenum,
struct ip6t_counters *counters,
ip6tc_handle_t *handle);
Modified: branches/iptables/iptables-1.4/include/libiptc/libiptc.h
===================================================================
--- branches/iptables/iptables-1.4/include/libiptc/libiptc.h 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/libiptc/libiptc.h 2006-01-23 17:24:41 UTC (rev 6431)
@@ -4,27 +4,14 @@
#include <libiptc/ipt_kernel_headers.h>
#include <linux/netfilter_ipv4/ip_tables.h>
+#include <libiptc/libxtc.h>
+#define ipt_chainlabel xt_chainlabel
+
#ifdef __cplusplus
extern "C" {
#endif
-#ifndef IPT_MIN_ALIGN
-/* ipt_entry has pointers and u_int64_t's in it, so if you align to
- it, you'll also align to any crazy matches and targets someone
- might write */
-#define IPT_MIN_ALIGN (__alignof__(struct ipt_entry))
-#endif
-
-#define IPT_ALIGN(s) (((s) + ((IPT_MIN_ALIGN)-1)) & ~((IPT_MIN_ALIGN)-1))
-
-typedef char ipt_chainlabel[32];
-
-#define IPTC_LABEL_ACCEPT "ACCEPT"
-#define IPTC_LABEL_DROP "DROP"
-#define IPTC_LABEL_QUEUE "QUEUE"
-#define IPTC_LABEL_RETURN "RETURN"
-
/* Transparent handle type. */
typedef struct iptc_handle *iptc_handle_t;
Added: branches/iptables/iptables-1.4/include/libiptc/libxtc.h
===================================================================
--- branches/iptables/iptables-1.4/include/libiptc/libxtc.h 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/libiptc/libxtc.h 2006-01-23 17:24:41 UTC (rev 6431)
@@ -0,0 +1,37 @@
+#ifndef _LIBXTC_H
+#define _LIBXTC_H
+/* Library which manipulates filtering rules. */
+
+#include <libiptc/ipt_kernel_headers.h>
+#include <linux/netfilter/x_tables.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if 0
+#ifndef XT_MIN_ALIGN
+/* ipt_entry has pointers and u_int64_t's in it, so if you align to
+ it, you'll also align to any crazy matches and targets someone
+ might write */
+#define XT_MIN_ALIGN (__alignof__(struct ipt_entry))
+#endif
+
+#ifndef XT_ALIGN
+#define XT_ALIGN(s) (((s) + ((XT_MIN_ALIGN)-1)) & ~((XT_MIN_ALIGN)-1))
+#endif
+#endif
+
+typedef char xt_chainlabel[32];
+
+#define XTC_LABEL_ACCEPT "ACCEPT"
+#define XTC_LABEL_DROP "DROP"
+#define XTC_LABEL_QUEUE "QUEUE"
+#define XTC_LABEL_RETURN "RETURN"
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LIBXTC_H */
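Review bot: The `#if 0` block defining `XT_MIN_ALIGN` and `XT_ALIGN` is dead code in a brand-new header, and if it were ever enabled it refers to `struct ipt_entry`, which this header does not declare. The extensions in this commit size their kernel-facing data with `XT_ALIGN(...)`, so the macro presumably comes from `<linux/netfilter/x_tables.h>`. Delete the block or replace it with a one-line comment stating the source, e.g. `/* XT_ALIGN is provided by <linux/netfilter/x_tables.h> */`, so that nobody later re-enables a second definition with a different alignment.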
Added: branches/iptables/iptables-1.4/include/xtables.h
===================================================================
--- branches/iptables/iptables-1.4/include/xtables.h 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/include/xtables.h 2006-01-23 17:24:41 UTC (rev 6431)
@@ -0,0 +1,143 @@
+#ifndef _XTABLES_H
+#define _XTABLES_H
+
+#include <linux/netfilter/x_tables.h>
+#include <libiptc/libxtc.h>
+
+enum xt_tryload {
+ DONT_LOAD,
+ DURING_LOAD,
+ TRY_LOAD,
+ LOAD_MUST_SUCCEED
+};
+
+
+struct xtables_rule_match
+{
+ struct xtables_rule_match *next;
+ struct xtables_match *match;
+};
+
+/* Include file for additions: new matches and targets. */
+struct xtables_match
+{
+ struct xtables_match *next;
+
+ xt_chainlabel name;
+
+ /* Revision of match (0 by default). */
+ u_int8_t revision;
+
+ u_int16_t pf;
+
+ const char *version;
+
+ /* Size of match data. */
+ size_t size;
+
+ /* Size of match data relevent for userspace comparison purposes */
+ size_t userspacesize;
+
+ /* Function which prints out usage message. */
+ void (*help)(void);
+
+ /* Initialize the match. */
+ void (*init)(void *matchinfo, unsigned int *nfcache);
+
+ /* Function which parses command options; returns true if it
+ ate an option */
+ int (*parse)(int c, char **argv, int invert, unsigned int *flags,
+ const struct ipt_entry *entry,
+ unsigned int *nfcache, void *matchinfo);
+
+ /* Final check; exit if not ok. */
+ void (*final_check)(unsigned int flags);
+
+ /* Prints out the match iff non-NULL: put space at end */
+ void (*print)(const struct ipt_ip *ip,
+ const void *matchinfo, int numeric);
+
+ /* Saves the match info in parsable form to stdout. */
+ void (*save)(const struct ipt_ip *ip, const void *matchinfo);
+
+ /* Pointer to list of extra command-line options */
+ const struct option *extra_opts;
+
+ /* Ignore these men behind the curtain: */
+ unsigned int option_offset;
+ struct ipt_entry_match *m;
+ unsigned int mflags;
+#ifdef NO_SHARED_LIBS
+ unsigned int loaded; /* simulate loading so options are merged properly */
+#endif
+};
+
+struct xtables_target
+{
+ struct xtables_target *next;
+
+ xt_chainlabel name;
+
+ /* Revision of target (0 by default). */
+ u_int8_t revision;
+
+ u_int16_t pf;
+
+ const char *version;
+
+ /* Size of target data. */
+ size_t size;
+
+ /* Size of target data relevent for userspace comparison purposes */
+ size_t userspacesize;
+
+ /* Function which prints out usage message. */
+ void (*help)(void);
+
+ /* Initialize the target. */
+ void (*init)(void *targetinfo, unsigned int *nfcache);
+
+ /* Function which parses command options; returns true if it
+ ate an option */
+ int (*parse)(int c, char **argv, int invert, unsigned int *flags,
+ const struct ipt_entry *entry, void *targetinfo);
+
+ /* Final check; exit if not ok. */
+ void (*final_check)(unsigned int flags);
+
+ /* Prints out the target iff non-NULL: put space at end */
+ void (*print)(const struct ipt_ip *ip, const void *targetinfo,
+ int numeric);
+
+ /* Saves the targinfo in parsable form to stdout. */
+ void (*save)(const struct ipt_ip *ip, const void *targetinfo);
+
+ /* Pointer to list of extra command-line options */
+ struct option *extra_opts;
+
+ /* Ignore these men behind the curtain: */
+ unsigned int option_offset;
+ struct ipt_entry_target *t;
+ unsigned int tflags;
+ unsigned int used;
+#ifdef NO_SHARED_LIBS
+ unsigned int loaded; /* simulate loading so options are merged properly */
+#endif
+};
+
+/* Your shared library should call one of these. */
+extern void register_match(struct xtables_match *me);
+extern void register_target(struct xtables_target *me);
+
+extern struct xtables_target *find_target(int pf, const char *name, enum xt_tryload);
+extern struct xtables_match *find_match(int pf, const char *name, enum xt_tryload, struct xtables_rule_match **match);
+
+/* kernel revision handling */
+extern int kernel_version;
+extern void get_kernel_version(void);
+#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z)
+#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF)
+#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF)
+#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF)
+
+#endif /* _XTABLES_H */
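Review bot: The callback signatures in `struct xtables_match` and `struct xtables_target` still take `const struct ipt_entry *` and `const struct ipt_ip *`, and the private `m`/`t` members are `struct ipt_entry_match *`/`struct ipt_entry_target *`, although registration is now keyed by `pf` and the header includes only x_tables.h and libxtc.h. An extension registered for another family would be handed IPv4-typed pointers. The header is also not self-contained unless the includer pulls in the ip_tables declarations first, and the same goes for `struct option` and `size_t`. Consider `const void *entry` / `const void *ip` in the callbacks and `struct xt_entry_match *m;` / `struct xt_entry_target *t;` for the private members. Separately, `LINUX_VERSION` leaves its last argument unparenthesised; `#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + (z))` avoids precedence surprises.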
Modified: branches/iptables/iptables-1.4/ip6tables.c
===================================================================
--- branches/iptables/iptables-1.4/ip6tables.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/ip6tables.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -710,7 +710,7 @@
}
struct ip6tables_match *
-find_match(const char *name, enum ip6t_tryload tryload, struct ip6tables_rule_match **matches)
+find_match(const char *name, enum xt_tryload tryload, struct ip6tables_rule_match **matches)
{
struct ip6tables_match *ptr;
int icmphack = 0;
@@ -785,7 +785,7 @@
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
static struct ip6tables_match *
-find_proto(const char *pname, enum ip6t_tryload tryload, int nolookup, struct ip6tables_rule_match **matches)
+find_proto(const char *pname, enum xt_tryload tryload, int nolookup, struct ip6tables_rule_match **matches)
{
unsigned int proto;
@@ -968,7 +968,7 @@
}
struct ip6tables_target *
-find_target(const char *name, enum ip6t_tryload tryload)
+find_target(const char *name, enum xt_tryload tryload)
{
struct ip6tables_target *ptr;
Modified: branches/iptables/iptables-1.4/iptables.c
===================================================================
--- branches/iptables/iptables-1.4/iptables.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/iptables.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -197,10 +197,6 @@
int kernel_version;
-/* Keeping track of external matches and targets: linked lists. */
-struct iptables_match *iptables_matches = NULL;
-struct iptables_target *iptables_targets = NULL;
-
/* Extra debugging from libiptc */
extern void dump_entries(const iptc_handle_t handle);
@@ -352,10 +348,10 @@
}
void
-exit_printhelp(struct iptables_rule_match *matches)
+exit_printhelp(struct xtables_rule_match *matches)
{
- struct iptables_rule_match *matchp = NULL;
- struct iptables_target *t = NULL;
+ struct xtables_rule_match *matchp = NULL;
+ struct xtables_target *t = NULL;
printf("%s v%s\n\n"
"Usage: %s -[AD] chain rule-specification [options]\n"
@@ -424,7 +420,7 @@
/* Print out any special helps. A user might like to be able
to add a --help to the commandline, and see expected
results. So we call help for all specified matches & targets */
- for (t = iptables_targets; t ;t = t->next) {
+ for (t = iptables_targets[AF_INET]; t; t = t->next) {
if (t->used) {
printf("\n");
t->help();
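Review bot: `iptables_targets[AF_INET]` in this loop and `iptables_matches[PF_INET]` / `iptables_targets[PF_INET]` in the later do_command hunk index the same per-family lists with two different constants. They have the same value on Linux, but one spelling should be used throughout, e.g. `for (t = iptables_targets[PF_INET]; t; t = t->next) {`. The earlier hunk also removes this file's definitions of both lists, and xtables.h as added in this commit does not declare the arrays. Unless another header does, iptables.c needs `extern struct xtables_target *iptables_targets[NPROTO];` and the matching line for `iptables_matches`. The loop sits inside exit_printhelp, whose body extends beyond the hunk.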
@@ -674,66 +670,9 @@
}
}
-struct iptables_match *
-find_match(const char *name, enum ipt_tryload tryload, struct iptables_rule_match **matches)
-{
- struct iptables_match *ptr;
-
- for (ptr = iptables_matches; ptr; ptr = ptr->next) {
- if (strcmp(name, ptr->name) == 0)
- break;
- }
-
-#ifndef NO_SHARED_LIBS
- if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
- char path[strlen(lib_dir) + sizeof("/libipt_.so")
- + strlen(name)];
- sprintf(path, "%s/libipt_%s.so", lib_dir, name);
- if (dlopen(path, RTLD_NOW)) {
- /* Found library. If it didn't register itself,
- maybe they specified target as match. */
- ptr = find_match(name, DONT_LOAD, NULL);
-
- if (!ptr)
- exit_error(PARAMETER_PROBLEM,
- "Couldn't load match `%s'\n",
- name);
- } else if (tryload == LOAD_MUST_SUCCEED)
- exit_error(PARAMETER_PROBLEM,
- "Couldn't load match `%s':%s\n",
- name, dlerror());
- }
-#else
- if (ptr && !ptr->loaded) {
- if (tryload != DONT_LOAD)
- ptr->loaded = 1;
- else
- ptr = NULL;
- }
- if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
- exit_error(PARAMETER_PROBLEM,
- "Couldn't find match `%s'\n", name);
- }
-#endif
-
- if (ptr && matches) {
- struct iptables_rule_match **i;
- struct iptables_rule_match *newentry;
-
- newentry = fw_malloc(sizeof(struct iptables_rule_match));
-
- for (i = matches; *i; i = &(*i)->next);
- newentry->match = ptr;
- newentry->next = NULL;
- *i = newentry;
- }
-
- return ptr;
-}
-
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
static struct iptables_match *
-find_proto(const char *pname, enum ipt_tryload tryload, int nolookup, struct iptables_rule_match **matches)
+find_proto(const char *pname, enum xt_tryload tryload, int nolookup, struct xtables_rule_match **matches)
{
unsigned int proto;
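Review bot: find_proto's return type on the unchanged line above the new signature is still `struct iptables_match *`, while its `matches` parameter and the `m` variable in do_command now use the `xtables_` tags. Unless iptables.h aliases the old tag to the new one (not visible here), this mixes two struct types in one declaration; `static struct xtables_match *` would match the rest of the conversion. The body of find_proto continues outside the hunk.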
@@ -975,61 +914,6 @@
}
}
-struct iptables_target *
-find_target(const char *name, enum ipt_tryload tryload)
-{
- struct iptables_target *ptr;
-
- /* Standard target? */
- if (strcmp(name, "") == 0
- || strcmp(name, IPTC_LABEL_ACCEPT) == 0
- || strcmp(name, IPTC_LABEL_DROP) == 0
- || strcmp(name, IPTC_LABEL_QUEUE) == 0
- || strcmp(name, IPTC_LABEL_RETURN) == 0)
- name = "standard";
-
- for (ptr = iptables_targets; ptr; ptr = ptr->next) {
- if (strcmp(name, ptr->name) == 0)
- break;
- }
-
-#ifndef NO_SHARED_LIBS
- if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
- char path[strlen(lib_dir) + sizeof("/libipt_.so")
- + strlen(name)];
- sprintf(path, "%s/libipt_%s.so", lib_dir, name);
- if (dlopen(path, RTLD_NOW)) {
- /* Found library. If it didn't register itself,
- maybe they specified match as a target. */
- ptr = find_target(name, DONT_LOAD);
- if (!ptr)
- exit_error(PARAMETER_PROBLEM,
- "Couldn't load target `%s'\n",
- name);
- } else if (tryload == LOAD_MUST_SUCCEED)
- exit_error(PARAMETER_PROBLEM,
- "Couldn't load target `%s':%s\n",
- name, dlerror());
- }
-#else
- if (ptr && !ptr->loaded) {
- if (tryload != DONT_LOAD)
- ptr->loaded = 1;
- else
- ptr = NULL;
- }
- if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
- exit_error(PARAMETER_PROBLEM,
- "Couldn't find target `%s'\n", name);
- }
-#endif
-
- if (ptr)
- ptr->used = 1;
-
- return ptr;
-}
-
static struct option *
merge_options(struct option *oldopts, const struct option *newopts,
unsigned int *option_offset)
@@ -1055,164 +939,6 @@
return merge;
}
-static int compatible_revision(const char *name, u_int8_t revision, int opt)
-{
- struct ipt_get_revision rev;
- socklen_t s = sizeof(rev);
- int max_rev, sockfd;
-
- sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
- if (sockfd < 0) {
- fprintf(stderr, "Could not open socket to kernel: %s\n",
- strerror(errno));
- exit(1);
- }
-
- strcpy(rev.name, name);
- rev.revision = revision;
-
- max_rev = getsockopt(sockfd, IPPROTO_IP, opt, &rev, &s);
- if (max_rev < 0) {
- /* Definitely don't support this? */
- if (errno == EPROTONOSUPPORT) {
- close(sockfd);
- return 0;
- } else if (errno == ENOPROTOOPT) {
- close(sockfd);
- /* Assume only revision 0 support (old kernel) */
- return (revision == 0);
- } else {
- fprintf(stderr, "getsockopt failed strangely: %s\n",
- strerror(errno));
- exit(1);
- }
- }
- close(sockfd);
- return 1;
-}
-
-static int compatible_match_revision(const char *name, u_int8_t revision)
-{
- return compatible_revision(name, revision, IPT_SO_GET_REVISION_MATCH);
-}
-
-static int compatible_target_revision(const char *name, u_int8_t revision)
-{
- return compatible_revision(name, revision, IPT_SO_GET_REVISION_TARGET);
-}
-
-void
-register_match(struct iptables_match *me)
-{
- struct iptables_match **i, *old;
-
- if (strcmp(me->version, program_version) != 0) {
- fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
- program_name, me->name, me->version, program_version);
- exit(1);
- }
-
- /* Revision field stole a char from name. */
- if (strlen(me->name) >= IPT_FUNCTION_MAXNAMELEN-1) {
- fprintf(stderr, "%s: target `%s' has invalid name\n",
- program_name, me->name);
- exit(1);
- }
-
- old = find_match(me->name, DURING_LOAD, NULL);
- if (old) {
- if (old->revision == me->revision) {
- fprintf(stderr,
- "%s: match `%s' already registered.\n",
- program_name, me->name);
- exit(1);
- }
-
- /* Now we have two (or more) options, check compatibility. */
- if (compatible_match_revision(old->name, old->revision)
- && old->revision > me->revision)
- return;
-
- /* Replace if compatible. */
- if (!compatible_match_revision(me->name, me->revision))
- return;
-
- /* Delete old one. */
- for (i = &iptables_matches; *i!=old; i = &(*i)->next);
- *i = old->next;
- }
-
- if (me->size != IPT_ALIGN(me->size)) {
- fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
- program_name, me->name, (unsigned int)me->size);
- exit(1);
- }
-
- /* Append to list. */
- for (i = &iptables_matches; *i; i = &(*i)->next);
- me->next = NULL;
- *i = me;
-
- me->m = NULL;
- me->mflags = 0;
-}
-
-void
-register_target(struct iptables_target *me)
-{
- struct iptables_target *old;
-
- if (strcmp(me->version, program_version) != 0) {
- fprintf(stderr, "%s: target `%s' v%s (I'm v%s).\n",
- program_name, me->name, me->version, program_version);
- exit(1);
- }
-
- /* Revision field stole a char from name. */
- if (strlen(me->name) >= IPT_FUNCTION_MAXNAMELEN-1) {
- fprintf(stderr, "%s: target `%s' has invalid name\n",
- program_name, me->name);
- exit(1);
- }
-
- old = find_target(me->name, DURING_LOAD);
- if (old) {
- struct iptables_target **i;
-
- if (old->revision == me->revision) {
- fprintf(stderr,
- "%s: target `%s' already registered.\n",
- program_name, me->name);
- exit(1);
- }
-
- /* Now we have two (or more) options, check compatibility. */
- if (compatible_target_revision(old->name, old->revision)
- && old->revision > me->revision)
- return;
-
- /* Replace if compatible. */
- if (!compatible_target_revision(me->name, me->revision))
- return;
-
- /* Delete old one. */
- for (i = &iptables_targets; *i!=old; i = &(*i)->next);
- *i = old->next;
- }
-
- if (me->size != IPT_ALIGN(me->size)) {
- fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
- program_name, me->name, (unsigned int)me->size);
- exit(1);
- }
-
- /* Prepend to list. */
- me->next = iptables_targets;
- iptables_targets = me;
- me->t = NULL;
- me->tflags = 0;
-}
-
static void
print_num(u_int64_t number, unsigned int format)
{
@@ -1298,7 +1024,7 @@
if (match) {
if (match->print)
- match->print(ip, m, numeric);
+ match->print(ip, m->data, numeric);
else
printf("%s ", match->name);
} else {
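Review bot: `match->print` now receives the payload `m->data` instead of the entry header, and the target hunk below makes the same change with `t->data`, but the member comments in xtables.h do not say which pointer `matchinfo`/`targetinfo` is. An extension that still casts the argument to `struct ipt_entry_match *` will compile, because the parameter is `const void *`, and then read the wrong bytes. I would document the contract on the callbacks, e.g. `/* matchinfo points at the match payload (->data), not at the entry header */`, and check that the `save` call sites pass the same pointer. The surrounding print function starts and ends outside the hunk.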
@@ -1425,7 +1151,7 @@
if (target) {
if (target->print)
/* Print the target information. */
- target->print(&fw->ip, t, format & FMT_NUMERIC);
+ target->print(&fw->ip, t->data, format & FMT_NUMERIC);
} else if (t->u.target_size != sizeof(*t))
printf("[%u bytes of unknown target data] ",
(unsigned int)(t->u.target_size - sizeof(*t)));
@@ -1515,11 +1241,11 @@
}
static unsigned char *
-make_delete_mask(struct ipt_entry *fw, struct iptables_rule_match *matches)
+make_delete_mask(struct ipt_entry *fw, struct xtables_rule_match *matches)
{
/* Establish mask for comparison */
unsigned int size;
- struct iptables_rule_match *matchp;
+ struct xtables_rule_match *matchp;
unsigned char *mask, *mptr;
size = sizeof(struct ipt_entry);
@@ -1556,7 +1282,7 @@
const struct in_addr daddrs[],
int verbose,
iptc_handle_t *handle,
- struct iptables_rule_match *matches)
+ struct xtables_rule_match *matches)
{
unsigned int i, j;
int ret = 1;
@@ -1768,11 +1494,11 @@
static struct ipt_entry *
generate_entry(const struct ipt_entry *fw,
- struct iptables_rule_match *matches,
+ struct xtables_rule_match *matches,
struct ipt_entry_target *target)
{
unsigned int size;
- struct iptables_rule_match *matchp;
+ struct xtables_rule_match *matchp;
struct ipt_entry *e;
size = sizeof(struct ipt_entry);
@@ -1794,9 +1520,9 @@
return e;
}
-void clear_rule_matches(struct iptables_rule_match **matches)
+void clear_rule_matches(struct xtables_rule_match **matches)
{
- struct iptables_rule_match *matchp, *tmp;
+ struct xtables_rule_match *matchp, *tmp;
for (matchp = *matches; matchp;) {
tmp = matchp->next;
@@ -1846,11 +1572,11 @@
unsigned int rulenum = 0, options = 0, command = 0;
const char *pcnt = NULL, *bcnt = NULL;
int ret = 1;
- struct iptables_match *m;
- struct iptables_rule_match *matches = NULL;
- struct iptables_rule_match *matchp;
- struct iptables_target *target = NULL;
- struct iptables_target *t;
+ struct xtables_match *m;
+ struct xtables_rule_match *matches = NULL;
+ struct xtables_rule_match *matchp;
+ struct xtables_target *target = NULL;
+ struct xtables_target *t;
const char *jumpto = "";
char *protocol = NULL;
const char *modprobe = NULL;
@@ -1864,10 +1590,10 @@
/* clear mflags in case do_command gets called a second time
* (we clear the global list of all matches for security)*/
- for (m = iptables_matches; m; m = m->next)
+ for (m = iptables_matches[PF_INET]; m; m = m->next)
m->mflags = 0;
- for (t = iptables_targets; t; t = t->next) {
+ for (t = iptables_targets[PF_INET]; t; t = t->next) {
t->tflags = 0;
t->used = 0;
}
@@ -2118,14 +1844,14 @@
"unexpected ! flag before --match");
m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);
- size = IPT_ALIGN(sizeof(struct ipt_entry_match))
+ size = XT_ALIGN(sizeof(struct ipt_entry_match))
+ m->size;
m->m = fw_calloc(1, size);
m->m->u.match_size = size;
strcpy(m->m->u.user.name, m->name);
set_revision(m->m->u.user.name, m->revision);
if (m->init != NULL)
- m->init(m->m, &fw.nfcache);
+ m->init(&m->m->data, &fw.nfcache);
opts = merge_options(opts, m->extra_opts, &m->option_offset);
}
break;
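Review bot: The unchanged call `m = find_match(optarg, LOAD_MUST_SUCCEED, &matches);` passes three arguments, but the prototype added in xtables.h is `find_match(int pf, const char *name, enum xt_tryload, struct xtables_rule_match **match)`. It needs the family first: `m = find_match(PF_INET, optarg, LOAD_MUST_SUCCEED, &matches);`. The new `m->init(&m->m->data, &fw.nfcache);` also takes the address of the array where the print hunks pass `m->data`; the address is the same, but `m->init(m->m->data, &fw.nfcache);` reads consistently. This code is inside do_command, which extends beyond the hunk.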
@@ -2210,14 +1936,14 @@
|| !(target->parse(c - target->option_offset,
argv, invert,
&target->tflags,
- &fw, &target->t))) {
+ &fw, &target->t.data))) {
for (matchp = matches; matchp; matchp = matchp->next) {
if (matchp->match->parse(c - matchp->match->option_offset,
argv, invert,
&matchp->match->mflags,
&fw,
&fw.nfcache,
- &matchp->match->m))
+ &matchp->match->m.data))
break;
}
m = matchp ? matchp->match : NULL;
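Review bot: `&target->t.data` and `&matchp->match->m.data` apply `.` to members that xtables.h declares as pointers (`struct ipt_entry_target *t;`, `struct ipt_entry_match *m;`), so these two arguments should not compile as written. The parse callbacks take `void *targetinfo` / `void *matchinfo`, so the payload should be passed as `target->t->data` and `matchp->match->m->data`. Both calls sit inside do_command's option loop, which extends beyond the hunk.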
Modified: branches/iptables/iptables-1.4/libiptc/libip4tc.c
===================================================================
--- branches/iptables/iptables-1.4/libiptc/libip4tc.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/libiptc/libip4tc.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -62,8 +62,6 @@
#define ERROR_TARGET IPT_ERROR_TARGET
#define NUMHOOKS NF_IP_NUMHOOKS
-#define IPT_CHAINLABEL ipt_chainlabel
-
#define TC_DUMP_ENTRIES dump_entries
#define TC_IS_CHAIN iptc_is_chain
#define TC_FIRST_CHAIN iptc_first_chain
@@ -98,19 +96,14 @@
#define TC_AF AF_INET
#define TC_IPPROTO IPPROTO_IP
-#define SO_SET_REPLACE IPT_SO_SET_REPLACE
-#define SO_SET_ADD_COUNTERS IPT_SO_SET_ADD_COUNTERS
-#define SO_GET_INFO IPT_SO_GET_INFO
-#define SO_GET_ENTRIES IPT_SO_GET_ENTRIES
-#define SO_GET_VERSION IPT_SO_GET_VERSION
+#define SO_SET_REPLACE XT_SO_SET_REPLACE
+#define SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS
+#define SO_GET_INFO XT_SO_GET_INFO
+#define SO_GET_ENTRIES XT_SO_GET_ENTRIES
+#define SO_GET_VERSION XT_SO_GET_VERSION
#define STANDARD_TARGET IPT_STANDARD_TARGET
-#define LABEL_RETURN IPTC_LABEL_RETURN
-#define LABEL_ACCEPT IPTC_LABEL_ACCEPT
-#define LABEL_DROP IPTC_LABEL_DROP
-#define LABEL_QUEUE IPTC_LABEL_QUEUE
-#define ALIGN IPT_ALIGN
#define RETURN IPT_RETURN
#include "libiptc.c"
@@ -210,7 +203,7 @@
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IPT_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
- mptr += IPT_ALIGN(sizeof(struct ipt_entry_target));
+ mptr += XT_ALIGN(sizeof(struct ipt_entry_target));
return mptr;
}
Modified: branches/iptables/iptables-1.4/libiptc/libip6tc.c
===================================================================
--- branches/iptables/iptables-1.4/libiptc/libip6tc.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/libiptc/libip6tc.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -93,19 +93,14 @@
#define TC_AF AF_INET6
#define TC_IPPROTO IPPROTO_IPV6
-#define SO_SET_REPLACE IP6T_SO_SET_REPLACE
-#define SO_SET_ADD_COUNTERS IP6T_SO_SET_ADD_COUNTERS
-#define SO_GET_INFO IP6T_SO_GET_INFO
-#define SO_GET_ENTRIES IP6T_SO_GET_ENTRIES
-#define SO_GET_VERSION IP6T_SO_GET_VERSION
+#define SO_SET_REPLACE XT_SO_SET_REPLACE
+#define SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS
+#define SO_GET_INFO XT_SO_GET_INFO
+#define SO_GET_ENTRIES XT_SO_GET_ENTRIES
+#define SO_GET_VERSION XT_SO_GET_VERSION
#define STANDARD_TARGET IP6T_STANDARD_TARGET
-#define LABEL_RETURN IP6TC_LABEL_RETURN
-#define LABEL_ACCEPT IP6TC_LABEL_ACCEPT
-#define LABEL_DROP IP6TC_LABEL_DROP
-#define LABEL_QUEUE IP6TC_LABEL_QUEUE
-#define ALIGN IP6T_ALIGN
#define RETURN IP6T_RETURN
#include "libiptc.c"
@@ -242,7 +237,7 @@
mptr = matchmask + sizeof(STRUCT_ENTRY);
if (IP6T_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
return NULL;
- mptr += IP6T_ALIGN(sizeof(struct ip6t_entry_target));
+ mptr += XT_ALIGN(sizeof(struct ip6t_entry_target));
return mptr;
}
@@ -397,9 +392,9 @@
assert(e->target_offset == sizeof(*e));
t = (STRUCT_STANDARD_TARGET *)GET_TARGET(e);
printf("target_size=%u, align=%u\n",
- t->target.u.target_size, ALIGN(sizeof(*t)));
- assert(t->target.u.target_size == ALIGN(sizeof(*t)));
- assert(e->next_offset == sizeof(*e) + ALIGN(sizeof(*t)));
+ t->target.u.target_size, XT_ALIGN(sizeof(*t)));
+ assert(t->target.u.target_size == XT_ALIGN(sizeof(*t)));
+ assert(e->next_offset == sizeof(*e) + XT_ALIGN(sizeof(*t)));
assert(strcmp(t->target.u.user.name, STANDARD_TARGET)==0);
assert(t->verdict == -NF_DROP-1 || t->verdict == -NF_ACCEPT-1);
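Review bot: The rewritten `printf` passes `XT_ALIGN(sizeof(*t))` for a `%u` conversion. The expression is built from `sizeof`, so it presumably has type `size_t` (XT_ALIGN's definition is not in this diff), which does not match `%u` on LP64 targets. Cast it, `t->target.u.target_size, (unsigned int)XT_ALIGN(sizeof(*t)));`, or print it with `%zu`. The enclosing function starts and ends outside the hunk.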
Modified: branches/iptables/iptables-1.4/libiptc/libiptc.c
===================================================================
--- branches/iptables/iptables-1.4/libiptc/libiptc.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/libiptc/libiptc.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -503,7 +503,7 @@
t = (STRUCT_STANDARD_TARGET *)GET_TARGET(e);
if (t->target.u.target_size
- != ALIGN(sizeof(STRUCT_STANDARD_TARGET))) {
+ != XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET))) {
errno = EINVAL;
return -1;
}
@@ -581,21 +581,21 @@
struct ipt_error_target name;
};
#define IPTCB_CHAIN_START_SIZE (sizeof(STRUCT_ENTRY) + \
- ALIGN(sizeof(struct ipt_error_target)))
+ XT_ALIGN(sizeof(struct ipt_error_target)))
struct iptcb_chain_foot {
STRUCT_ENTRY e;
STRUCT_STANDARD_TARGET target;
};
#define IPTCB_CHAIN_FOOT_SIZE (sizeof(STRUCT_ENTRY) + \
- ALIGN(sizeof(STRUCT_STANDARD_TARGET)))
+ XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET)))
struct iptcb_chain_error {
STRUCT_ENTRY entry;
struct ipt_error_target target;
};
#define IPTCB_CHAIN_ERROR_SIZE (sizeof(STRUCT_ENTRY) + \
- ALIGN(sizeof(struct ipt_error_target)))
+ XT_ALIGN(sizeof(struct ipt_error_target)))
@@ -640,7 +640,7 @@
head->e.next_offset = IPTCB_CHAIN_START_SIZE;
strcpy(head->name.t.u.user.name, ERROR_TARGET);
head->name.t.u.target_size =
- ALIGN(sizeof(struct ipt_error_target));
+ XT_ALIGN(sizeof(struct ipt_error_target));
strcpy(head->name.error, c->name);
} else {
repl->hook_entry[c->hooknum-1] = c->head_offset;
@@ -660,7 +660,7 @@
foot->e.next_offset = IPTCB_CHAIN_FOOT_SIZE;
strcpy(foot->target.target.u.user.name, STANDARD_TARGET);
foot->target.target.u.target_size =
- ALIGN(sizeof(STRUCT_STANDARD_TARGET));
+ XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET));
/* builtin targets have verdict, others return */
if (iptcc_is_builtin(c))
foot->target.verdict = c->verdict;
@@ -684,7 +684,7 @@
if (!iptcc_is_builtin(c)) {
/* Chain has header */
*offset += sizeof(STRUCT_ENTRY)
- + ALIGN(sizeof(struct ipt_error_target));
+ + XT_ALIGN(sizeof(struct ipt_error_target));
(*num)++;
}
@@ -701,7 +701,7 @@
c->foot_offset = *offset;
c->foot_index = *num;
*offset += sizeof(STRUCT_ENTRY)
- + ALIGN(sizeof(STRUCT_STANDARD_TARGET));
+ + XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET));
(*num)++;
return 1;
@@ -724,7 +724,7 @@
/* Append one error rule at end of chain */
num++;
offset += sizeof(STRUCT_ENTRY)
- + ALIGN(sizeof(struct ipt_error_target));
+ + XT_ALIGN(sizeof(struct ipt_error_target));
/* ruleset size is now in offset */
*size = offset;
@@ -748,7 +748,7 @@
error->entry.target_offset = sizeof(STRUCT_ENTRY);
error->entry.next_offset = IPTCB_CHAIN_ERROR_SIZE;
error->target.t.u.user.target_size =
- ALIGN(sizeof(struct ipt_error_target));
+ XT_ALIGN(sizeof(struct ipt_error_target));
strcpy((char *)&error->target.t.u.user.name, ERROR_TARGET);
strcpy((char *)&error->target.error, "ERROR");
@@ -1106,16 +1106,16 @@
{
switch (verdict) {
case RETURN:
- return LABEL_RETURN;
+ return XTC_LABEL_RETURN;
break;
case -NF_ACCEPT-1:
- return LABEL_ACCEPT;
+ return XTC_LABEL_ACCEPT;
break;
case -NF_DROP-1:
- return LABEL_DROP;
+ return XTC_LABEL_DROP;
break;
case -NF_QUEUE-1:
- return LABEL_QUEUE;
+ return XTC_LABEL_QUEUE;
break;
default:
fprintf(stderr, "ERROR: %d not a valid target)\n",
@@ -1208,7 +1208,7 @@
t = (STRUCT_STANDARD_TARGET *)GET_TARGET(e);
if (t->target.u.target_size
- != ALIGN(sizeof(STRUCT_STANDARD_TARGET))) {
+ != XT_ALIGN(sizeof(STRUCT_STANDARD_TARGET))) {
errno = EINVAL;
return 0;
}
@@ -1235,13 +1235,13 @@
return 1;
}
/* Maybe it's a standard target name... */
- else if (strcmp(t->u.user.name, LABEL_ACCEPT) == 0)
+ else if (strcmp(t->u.user.name, XTC_LABEL_ACCEPT) == 0)
return iptcc_standard_map(r, -NF_ACCEPT - 1);
- else if (strcmp(t->u.user.name, LABEL_DROP) == 0)
+ else if (strcmp(t->u.user.name, XTC_LABEL_DROP) == 0)
return iptcc_standard_map(r, -NF_DROP - 1);
- else if (strcmp(t->u.user.name, LABEL_QUEUE) == 0)
+ else if (strcmp(t->u.user.name, XTC_LABEL_QUEUE) == 0)
return iptcc_standard_map(r, -NF_QUEUE - 1);
- else if (strcmp(t->u.user.name, LABEL_RETURN) == 0)
+ else if (strcmp(t->u.user.name, XTC_LABEL_RETURN) == 0)
return iptcc_standard_map(r, RETURN);
else if (TC_BUILTIN(t->u.user.name, handle)) {
/* Can't jump to builtins. */
@@ -1275,7 +1275,7 @@
/* Insert the entry `fw' in chain `chain' into position `rulenum'. */
int
-TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
+TC_INSERT_ENTRY(const xt_chainlabel chain,
const STRUCT_ENTRY *e,
unsigned int rulenum,
TC_HANDLE_T *handle)
@@ -1334,7 +1334,7 @@
/* Atomically replace rule `rulenum' in `chain' with `fw'. */
int
-TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain,
+TC_REPLACE_ENTRY(const xt_chainlabel chain,
const STRUCT_ENTRY *e,
unsigned int rulenum,
TC_HANDLE_T *handle)
@@ -1385,7 +1385,7 @@
/* Append entry `fw' to chain `chain'. Equivalent to insert with
rulenum = length of chain. */
int
-TC_APPEND_ENTRY(const IPT_CHAINLABEL chain,
+TC_APPEND_ENTRY(const xt_chainlabel chain,
const STRUCT_ENTRY *e,
TC_HANDLE_T *handle)
{
@@ -1440,9 +1440,9 @@
if (strcmp(a->u.user.name, b->u.user.name) != 0)
return 1;
- *maskptr += ALIGN(sizeof(*a));
+ *maskptr += XT_ALIGN(sizeof(*a));
- for (i = 0; i < a->u.match_size - ALIGN(sizeof(*a)); i++)
+ for (i = 0; i < a->u.match_size - XT_ALIGN(sizeof(*a)); i++)
if (((a->data[i] ^ b->data[i]) & (*maskptr)[i]) != 0)
return 1;
*maskptr += i;
@@ -1492,7 +1492,7 @@
/* Delete the first rule in `chain' which matches `fw'. */
int
-TC_DELETE_ENTRY(const IPT_CHAINLABEL chain,
+TC_DELETE_ENTRY(const xt_chainlabel chain,
const STRUCT_ENTRY *origfw,
unsigned char *matchmask,
TC_HANDLE_T *handle)
@@ -1556,7 +1556,7 @@
/* Delete the rule in position `rulenum' in `chain'. */
int
-TC_DELETE_NUM_ENTRY(const IPT_CHAINLABEL chain,
+TC_DELETE_NUM_ENTRY(const xt_chainlabel chain,
unsigned int rulenum,
TC_HANDLE_T *handle)
{
@@ -1602,7 +1602,7 @@
/* Check the packet `fw' on chain `chain'. Returns the verdict, or
NULL and sets errno. */
const char *
-TC_CHECK_PACKET(const IPT_CHAINLABEL chain,
+TC_CHECK_PACKET(const xt_chainlabel chain,
STRUCT_ENTRY *entry,
TC_HANDLE_T *handle)
{
@@ -1613,7 +1613,7 @@
/* Flushes the entries in the given chain (ie. empties chain). */
int
-TC_FLUSH_ENTRIES(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
+TC_FLUSH_ENTRIES(const xt_chainlabel chain, TC_HANDLE_T *handle)
{
struct chain_head *c;
struct rule_head *r, *tmp;
@@ -1637,7 +1637,7 @@
/* Zeroes the counters in a chain. */
int
-TC_ZERO_ENTRIES(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
+TC_ZERO_ENTRIES(const xt_chainlabel chain, TC_HANDLE_T *handle)
{
struct chain_head *c;
struct rule_head *r;
@@ -1659,7 +1659,7 @@
}
STRUCT_COUNTERS *
-TC_READ_COUNTER(const IPT_CHAINLABEL chain,
+TC_READ_COUNTER(const xt_chainlabel chain,
unsigned int rulenum,
TC_HANDLE_T *handle)
{
@@ -1683,7 +1683,7 @@
}
int
-TC_ZERO_COUNTER(const IPT_CHAINLABEL chain,
+TC_ZERO_COUNTER(const xt_chainlabel chain,
unsigned int rulenum,
TC_HANDLE_T *handle)
{
@@ -1712,7 +1712,7 @@
}
int
-TC_SET_COUNTER(const IPT_CHAINLABEL chain,
+TC_SET_COUNTER(const xt_chainlabel chain,
unsigned int rulenum,
STRUCT_COUNTERS *counters,
TC_HANDLE_T *handle)
@@ -1748,7 +1748,7 @@
/* To create a chain, create two rules: error node and unconditional
* return. */
int
-TC_CREATE_CHAIN(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
+TC_CREATE_CHAIN(const xt_chainlabel chain, TC_HANDLE_T *handle)
{
static struct chain_head *c;
@@ -1757,16 +1757,16 @@
/* find_label doesn't cover built-in targets: DROP, ACCEPT,
QUEUE, RETURN. */
if (iptcc_find_label(chain, *handle)
- || strcmp(chain, LABEL_DROP) == 0
- || strcmp(chain, LABEL_ACCEPT) == 0
- || strcmp(chain, LABEL_QUEUE) == 0
- || strcmp(chain, LABEL_RETURN) == 0) {
+ || strcmp(chain, XTC_LABEL_DROP) == 0
+ || strcmp(chain, XTC_LABEL_ACCEPT) == 0
+ || strcmp(chain, XTC_LABEL_QUEUE) == 0
+ || strcmp(chain, XTC_LABEL_RETURN) == 0) {
DEBUGP("Chain `%s' already exists\n", chain);
errno = EEXIST;
return 0;
}
- if (strlen(chain)+1 > sizeof(IPT_CHAINLABEL)) {
+ if (strlen(chain)+1 > sizeof(xt_chainlabel)) {
DEBUGP("Chain name `%s' too long\n", chain);
errno = EINVAL;
return 0;
@@ -1790,7 +1790,7 @@
/* Get the number of references to this chain. */
int
-TC_GET_REFERENCES(unsigned int *ref, const IPT_CHAINLABEL chain,
+TC_GET_REFERENCES(unsigned int *ref, const xt_chainlabel chain,
TC_HANDLE_T *handle)
{
struct chain_head *c;
@@ -1808,7 +1808,7 @@
/* Deletes a chain. */
int
-TC_DELETE_CHAIN(const IPT_CHAINLABEL chain, TC_HANDLE_T *handle)
+TC_DELETE_CHAIN(const xt_chainlabel chain, TC_HANDLE_T *handle)
{
unsigned int references;
struct chain_head *c;
@@ -1860,8 +1860,8 @@
}
/* Renames a chain. */
-int TC_RENAME_CHAIN(const IPT_CHAINLABEL oldname,
- const IPT_CHAINLABEL newname,
+int TC_RENAME_CHAIN(const xt_chainlabel oldname,
+ const xt_chainlabel newname,
TC_HANDLE_T *handle)
{
struct chain_head *c;
@@ -1870,10 +1870,10 @@
/* find_label doesn't cover built-in targets: DROP, ACCEPT,
QUEUE, RETURN. */
if (iptcc_find_label(newname, *handle)
- || strcmp(newname, LABEL_DROP) == 0
- || strcmp(newname, LABEL_ACCEPT) == 0
- || strcmp(newname, LABEL_QUEUE) == 0
- || strcmp(newname, LABEL_RETURN) == 0) {
+ || strcmp(newname, XTC_LABEL_DROP) == 0
+ || strcmp(newname, XTC_LABEL_ACCEPT) == 0
+ || strcmp(newname, XTC_LABEL_QUEUE) == 0
+ || strcmp(newname, XTC_LABEL_RETURN) == 0) {
errno = EEXIST;
return 0;
}
@@ -1884,12 +1884,12 @@
return 0;
}
- if (strlen(newname)+1 > sizeof(IPT_CHAINLABEL)) {
+ if (strlen(newname)+1 > sizeof(xt_chainlabel)) {
errno = EINVAL;
return 0;
}
- strncpy(c->name, newname, sizeof(IPT_CHAINLABEL));
+ strncpy(c->name, newname, sizeof(xt_chainlabel));
set_changed(*handle);
@@ -1898,8 +1898,8 @@
/* Sets the policy on a built-in chain. */
int
-TC_SET_POLICY(const IPT_CHAINLABEL chain,
- const IPT_CHAINLABEL policy,
+TC_SET_POLICY(const xt_chainlabel chain,
+ const xt_chainlabel policy,
STRUCT_COUNTERS *counters,
TC_HANDLE_T *handle)
{
@@ -1919,9 +1919,9 @@
return 0;
}
- if (strcmp(policy, LABEL_ACCEPT) == 0)
+ if (strcmp(policy, XTC_LABEL_ACCEPT) == 0)
c->verdict = -NF_ACCEPT - 1;
- else if (strcmp(policy, LABEL_DROP) == 0)
+ else if (strcmp(policy, XTC_LABEL_DROP) == 0)
c->verdict = -NF_DROP - 1;
else {
errno = EINVAL;
Added: branches/iptables/iptables-1.4/xtables.c
===================================================================
--- branches/iptables/iptables-1.4/xtables.c 2006-01-23 17:17:30 UTC (rev 6430)
+++ branches/iptables/iptables-1.4/xtables.c 2006-01-23 17:24:41 UTC (rev 6431)
@@ -0,0 +1,287 @@
+
+/* Keeping track of external matches and targets: linked lists. */
+struct xtables_match *iptables_matches[NPROTO];
+struct xtables_target *iptables_targets[NPROTO];
+
+struct xtables_match *
+find_match(int pf, const char *name, enum xt_tryload tryload, struct iptables_rule_match **matches)
+{
+ struct xtables_match *ptr;
+
+ if (pf >= NPROTO)
+ return NULL;
+
+ for (ptr = iptables_matches[pf]; ptr; ptr = ptr->next) {
+ if (strcmp(name, ptr->name) == 0)
+ break;
+ }
+
+#ifndef NO_SHARED_LIBS
+ if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
+ char path[strlen(lib_dir) + sizeof("/libipt_.so")
+ + strlen(name)];
+ sprintf(path, "%s/libipt_%s.so", lib_dir, name);
+ if (dlopen(path, RTLD_NOW)) {
+ /* Found library. If it didn't register itself,
+ maybe they specified target as match. */
+ ptr = find_match(name, DONT_LOAD, NULL);
+
+ if (!ptr)
+ exit_error(PARAMETER_PROBLEM,
+ "Couldn't load match `%s'\n",
+ name);
+ } else if (tryload == LOAD_MUST_SUCCEED)
+ exit_error(PARAMETER_PROBLEM,
+ "Couldn't load match `%s':%s\n",
+ name, dlerror());
+ }
+#else
+ if (ptr && !ptr->loaded) {
+ if (tryload != DONT_LOAD)
+ ptr->loaded = 1;
+ else
+ ptr = NULL;
+ }
+ if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
+ exit_error(PARAMETER_PROBLEM,
+ "Couldn't find match `%s'\n", name);
+ }
+#endif
+
+ if (ptr && matches) {
+ struct iptables_rule_match **i;
+ struct iptables_rule_match *newentry;
+
+ newentry = fw_malloc(sizeof(struct iptables_rule_match));
+
+ for (i = matches; *i; i = &(*i)->next);
+ newentry->match = ptr;
+ newentry->next = NULL;
+ *i = newentry;
+ }
+
+ return ptr;
+}
+
+
+struct xtables_target *
+find_target(int pf, const char *name, enum xt_tryload tryload)
+{
+ struct xtables_target *ptr;
+
+ /* Standard target? */
+ if (strcmp(name, "") == 0
+ || strcmp(name, IPTC_LABEL_ACCEPT) == 0
+ || strcmp(name, IPTC_LABEL_DROP) == 0
+ || strcmp(name, IPTC_LABEL_QUEUE) == 0
+ || strcmp(name, IPTC_LABEL_RETURN) == 0)
+ name = "standard";
+
+ if (pf >= NPROTO)
+ return NULL;
+
+ for (ptr = iptables_targets[pf]; ptr; ptr = ptr->next) {
+ if (strcmp(name, ptr->name) == 0)
+ break;
+ }
+
+#ifndef NO_SHARED_LIBS
+ if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) {
+ char path[strlen(lib_dir) + sizeof("/libipt_.so")
+ + strlen(name)];
+ sprintf(path, "%s/libipt_%s.so", lib_dir, name);
+ if (dlopen(path, RTLD_NOW)) {
+ /* Found library. If it didn't register itself,
+ maybe they specified match as a target. */
+ ptr = find_target(name, DONT_LOAD);
+ if (!ptr)
+ exit_error(PARAMETER_PROBLEM,
+ "Couldn't load target `%s'\n",
+ name);
+ } else if (tryload == LOAD_MUST_SUCCEED)
+ exit_error(PARAMETER_PROBLEM,
+ "Couldn't load target `%s':%s\n",
+ name, dlerror());
+ }
+#else
+ if (ptr && !ptr->loaded) {
+ if (tryload != DONT_LOAD)
+ ptr->loaded = 1;
+ else
+ ptr = NULL;
+ }
+ if(!ptr && (tryload == LOAD_MUST_SUCCEED)) {
+ exit_error(PARAMETER_PROBLEM,
+ "Couldn't find target `%s'\n", name);
+ }
+#endif
+
+ if (ptr)
+ ptr->used = 1;
+
+ return ptr;
+}
+
+static int compatible_revision(int pf, const char *name, u_int8_t revision, int opt)
+{
+ struct xt_get_revision rev;
+ socklen_t s = sizeof(rev);
+ int max_rev, sockfd;
+
+ sockfd = socket(pf, SOCK_RAW, IPPROTO_RAW);
+ if (sockfd < 0) {
+ fprintf(stderr, "Could not open socket to kernel: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+
+ strcpy(rev.name, name);
+ rev.revision = revision;
+
+ max_rev = getsockopt(sockfd, FIXME_IPPROTO_IP, opt, &rev, &s);
+ if (max_rev < 0) {
+ /* Definitely don't support this? */
+ if (errno == EPROTONOSUPPORT) {
+ close(sockfd);
+ return 0;
+ } else if (errno == ENOPROTOOPT) {
+ close(sockfd);
+ /* Assume only revision 0 support (old kernel) */
+ return (revision == 0);
+ } else {
+ fprintf(stderr, "getsockopt failed strangely: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+ }
+ close(sockfd);
+ return 1;
+}
+
+
+static int compatible_match_revision(const char *name, u_int8_t revision)
+{
+ return compatible_revision(name, revision, XT_SO_GET_REVISION_MATCH);
+}
+
+static int compatible_target_revision(const char *name, u_int8_t revision)
+{
+ return compatible_revision(name, revision, XT_SO_GET_REVISION_TARGET);
+}
+
+void
+register_match(struct xtables_match *me)
+{
+ struct xtables_match **i, *old;
+
+ if (strcmp(me->version, program_version) != 0) {
+ fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
+ program_name, me->name, me->version, program_version);
+ exit(1);
+ }
+
+ /* Revision field stole a char from name. */
+ if (strlen(me->name) >= XT_FUNCTION_MAXNAMELEN-1) {
+ fprintf(stderr, "%s: target `%s' has invalid name\n",
+ program_name, me->name);
+ exit(1);
+ }
+
+ if (me->pf >= NPROTO)
+ exit(1);
+
+ old = find_match(me->name, DURING_LOAD, NULL);
+ if (old) {
+ if (old->revision == me->revision) {
+ fprintf(stderr,
+ "%s: match `%s' already registered.\n",
+ program_name, me->name);
+ exit(1);
+ }
+
+ /* Now we have two (or more) options, check compatibility. */
+ if (compatible_match_revision(old->name, old->revision)
+ && old->revision > me->revision)
+ return;
+
+ /* Replace if compatible. */
+ if (!compatible_match_revision(me->name, me->revision))
+ return;
+
+ /* Delete old one. */
+ for (i = &iptables_matches; *i!=old; i = &(*i)->next);
+ *i = old->next;
+ }
+
+ if (me->size != IPT_ALIGN(me->size)) {
+ fprintf(stderr, "%s: match `%s' has invalid size %u.\n",
+ program_name, me->name, (unsigned int)me->size);
+ exit(1);
+ }
+
+ /* Append to list. */
+ for (i = &iptables_matches[me->pf]; *i; i = &(*i)->next);
+ me->next = NULL;
+ *i = me;
+
+ me->m = NULL;
+ me->mflags = 0;
+}
+
+void
+register_target(struct xtables_target *me)
+{
+ struct xtables_target *old;
+
+ if (strcmp(me->version, program_version) != 0) {
+ fprintf(stderr, "%s: target `%s' v%s (I'm v%s).\n",
+ program_name, me->name, me->version, program_version);
+ exit(1);
+ }
+
+ /* Revision field stole a char from name. */
+ if (strlen(me->name) >= IPT_FUNCTION_MAXNAMELEN-1) {
+ fprintf(stderr, "%s: target `%s' has invalid name\n",
+ program_name, me->name);
+ exit(1);
+ }
+
+ old = find_target(me->name, DURING_LOAD);
+ if (old) {
+ struct iptables_target **i;
+
+ if (old->revision == me->revision) {
+ fprintf(stderr,
+ "%s: target `%s' already registered.\n",
+ program_name, me->name);
+ exit(1);
+ }
+
+ /* Now we have two (or more) options, check compatibility. */
+ if (compatible_target_revision(old->name, old->revision)
+ && old->revision > me->revision)
+ return;
+
+ /* Replace if compatible. */
+ if (!compatible_target_revision(me->name, me->revision))
+ return;
+
+ /* Delete old one. */
+ for (i = &iptables_targets; *i!=old; i = &(*i)->next);
+ *i = old->next;
+ }
+
+ if (me->size != IPT_ALIGN(me->size)) {
+ fprintf(stderr, "%s: target `%s' has invalid size %u.\n",
+ program_name, me->name, (unsigned int)me->size);
+ exit(1);
+ }
+
+ /* Prepend to list. */
+ me->next = iptables_targets;
+ iptables_targets = me;
+ me->t = NULL;
+ me->tflags = 0;
+}
+
+
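Review bot: The per-family bounds check in find_match() and find_target() is `if (pf >= NPROTO)` on a signed `int pf`, so a negative family still indexes `iptables_matches[pf]` / `iptables_targets[pf]` out of bounds; it should read `if (pf < 0 || pf >= NPROTO)`. The conversion to per-family lists is also incomplete: the recursive find_match()/find_target() calls, the lookups in register_match()/register_target() and the compatible_*_revision() wrappers all omit the new `pf` argument, register_match()'s delete loop starts at `&iptables_matches` instead of `&iptables_matches[me->pf]`, and register_target() has no `pf` check and still assigns to `iptables_targets` as if it were a single list head. Separately, compatible_revision() copies with an unbounded `strcpy(rev.name, name)`; the register_* callers test the name length first, but an explicit length test inside the function would not depend on every caller doing so. The fence shows the indexing fixes, assuming struct xtables_target carries a `pf` field like struct xtables_match does.

```c
struct xtables_match *
find_match(int pf, const char *name, enum xt_tryload tryload, struct iptables_rule_match **matches)
{
	/* … unchanged: ptr declaration … */
	if (pf < 0 || pf >= NPROTO)
		return NULL;
	/* … unchanged: list walk, path construction, dlopen() … */
			ptr = find_match(pf, name, DONT_LOAD, NULL);
	/* … unchanged: error paths, rule-match append, return … */

/* find_target(): same two changes */
	if (pf < 0 || pf >= NPROTO)
		return NULL;
			ptr = find_target(pf, name, DONT_LOAD);

/* register_match() */
	old = find_match(me->pf, me->name, DURING_LOAD, NULL);
		for (i = &iptables_matches[me->pf]; *i != old; i = &(*i)->next);

/* register_target() */
	if (me->pf >= NPROTO)
		exit(1);
	old = find_target(me->pf, me->name, DURING_LOAD);
		struct xtables_target **i;
		for (i = &iptables_targets[me->pf]; *i != old; i = &(*i)->next);
	/* Prepend to list. */
	me->next = iptables_targets[me->pf];
	iptables_targets[me->pf] = me;
```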